Information :
°°°°°°°°°°°°°°
Version : 5.0.1
Website : http://www.dcp-portal.org
Problems :
- Include file
- Access to users' accounts
- Access to the administration


PHP Code/ Location :
°°°°°°°°°°°°°°°°°°°°
The first & second holes will work if register_globals is ON.

/library/editor/editor.php :
----------------------------------------------------------
[...]
$abs_path_editor = "$root/library/editor/";
[...]
if( !isset($insertat_editor) ){
include $abs_path_editor."PropAcce_string.php";
}
[...]
----------------------------------------------------------

/library/lib.php :
----------------------------------------
<?
include ("$root/library/lib_nav.php");
include ("$root/library/lib_mods.php");
include ("$root/library/lib_admin.php");
include ("$root/library/lib_3rd.php");
[...]
----------------------------------------

inbox.php, update.php and all the members AREA :
---------------------------------------------------
[...]
if (!isset($HTTP_COOKIE_VARS["dcp5_member_id"])) {
header ("Location: login.php");
exit();
}
[...]
---------------------------------------------------

Admin area (/admin/*.php) :
--------------------------------------------------
if ($HTTP_COOKIE_VARS["dcp5_member_admin"] != 5) {
header("Location: index.php");
exit();
}
--------------------------------------------------


More details about Solutions & Exploits :
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/DCP-Portal.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FDCP-Portal.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n
http://www.phpsecure.org
This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 15:34:10 PST
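
The checks quoted in the advisory, rewritten so that neither the include path nor the access decision depends on client-supplied data. This is an added example, not DCP-Portal code or the advisory author's fix; the file name guard.php, the function names and the session keys member_id and member_level are assumptions, as is a login handler that fills the session after verifying the password.

```php
<?php
declare(strict_types=1);

// Added example, not DCP-Portal code. Assumes this file is <root>/library/guard.php
// (hypothetical name) and that the login handler, after verifying the password,
// stores an int member_id and member_level in $_SESSION (hypothetical keys).

// Base path comes from this file's own location, so no request parameter
// can influence it, whatever register_globals is set to.
define('DCP_ROOT', dirname(__DIR__));

// Include a library file by name, limited to the files lib.php pulls in.
function dcp_include(string $name): void
{
    static $allowed = ['lib_nav.php', 'lib_mods.php', 'lib_admin.php', 'lib_3rd.php'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("refusing to include: $name");
    }
    require_once DCP_ROOT . '/library/' . $name;
}

function dcp_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
    }
}

// Members area: identity is read from server-side session state,
// not from the presence of a dcp5_member_id cookie.
function dcp_require_member(): int
{
    dcp_start_session();
    if (!isset($_SESSION['member_id']) || !is_int($_SESSION['member_id'])) {
        header('Location: login.php');
        exit();
    }
    return $_SESSION['member_id'];
}

// Admin area: level 5 (the value the original check compares against)
// must have been set by the server at login, not sent by the browser.
function dcp_require_admin(): void
{
    dcp_require_member();
    if (($_SESSION['member_level'] ?? 0) !== 5) {
        header('Location: index.php');
        exit();
    }
}
```

Member pages would call dcp_require_member() and each /admin/*.php page dcp_require_admin() before producing any output.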