[28546] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

PHPMyPub (PHP)

daemon@ATHENA.MIT.EDU (Frog Man)
Wed Jan 22 14:46:30 2003

From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 19 Jan 2003 18:51:01 +0100
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F132kuutSgcOrBLSAQV00027eff@hotmail.com>


Informations :
°°°°°°°°°°°°°°
Website : http://phpmypub.free.fr
Version : 1.2.0
Problem : Admin access

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
admin/index.php :
------------------------------------------------------------------------
[...]
$auth = $HTTP_COOKIE_VARS["adminpub"];
if (!$auth)
{
if ($formulaire)
{
  if ($pass==$admin_pass)
       {
       setcookie("adminpub", "true");
       $ADMIN_MODE = true;
       }
  else
      {
[...]
      exit;
      }
  }
[...]
------------------------------------------------------------------------


Exploit :
°°°°°°°°°
Set cookie (name='adminpub', value='1') on http://[target]/admin/index.php .


Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info.


More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/PHPMyPub.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPMyPub.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n



_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp

home	help	back	first	fref	pref	prev	next	nref	lref	last	post