Informations : °°°°°°°°°°°°°° Website : http://phpmypub.free.fr Version : 1.2.0 Problem : Admin access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/index.php : ------------------------------------------------------------------------ [...] $auth = $HTTP_COOKIE_VARS["adminpub"]; if (!$auth) { if ($formulaire) { if ($pass==$admin_pass) { setcookie("adminpub", "true"); $ADMIN_MODE = true; } else { [...] exit; } } [...] ------------------------------------------------------------------------ Exploit : °°°°°°°°° Set cookie (name='adminpub', value='1') on http://[target]/admin/index.php . Patch : °°°°°°° A patch can be found on http://www.phpsecure.info. More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/PHPMyPub.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPMyPub.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp
This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 10:59:52 PST