PHPMyPub (PHP)

From: Frog Man (leseulfrogat_private)
Date: Sun Jan 19 2003 - 09:51:01 PST

Next message: John Howie: "RE: Attacking EFS through cached domain logon credentials"

Previous message: mattmurphyat_private: "[VulnWatch] Path Parsing Errata in Apache HTTP Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Informations :
АААААААААААААА
Website : http://phpmypub.free.fr
Version : 1.2.0
Problem : Admin access

PHP Code/Location :
ААААААААААААААААААА
admin/index.php :
------------------------------------------------------------------------
[...]
$auth = $HTTP_COOKIE_VARS["adminpub"];
if (!$auth)
{
if ($formulaire)
{
  if ($pass==$admin_pass)
       {
       setcookie("adminpub", "true");
       $ADMIN_MODE = true;
       }
  else
      {
[...]
      exit;
      }
  }
[...]
------------------------------------------------------------------------


Exploit :
ААААААААА
Set cookie (name='adminpub', value='1') on http://[target]/admin/index.php .


Patch :
ААААААА
A patch can be found on http://www.phpsecure.info.


More details :
АААААААААААААА
In French :
http://www.frog-man.org/tutos/PHPMyPub.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPMyPub.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n



_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp

Next message: John Howie: "RE: Attacking EFS through cached domain logon credentials"
Previous message: mattmurphyat_private: "[VulnWatch] Path Parsing Errata in Apache HTTP Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 10:59:52 PST