Bugtraq mailing list archives
Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc.
From: nukedx () nukedx com
Date: 2 Jun 2006 00:49:48 -0000
Yeah,its so weird. vulnerable code in pagestart.php at line 68. http://victim/modules/Forums/admin/admin_styles.php?phpbb_root_path=2 Warning: main(2common.php): failed to open stream: No such file or directory in C:\Inetpub\vhosts\victim\httpdocs\modules\Forums\admin\pagestart.php on line 68 Just edited victim for security purposes. in pagestart.php at lines 67-68: ... include("../../../mainfile.php"); include($phpbb_root_path.'common.'.$phpEx); ... So it includes mainfile.php and i think this is making vulnerability. in mainfile.php at lines 54-56 ... if (!ini_get("register_globals")) { import_request_variables('GPC'); } ... I tried it on some servers.It didnt work but for some worked, and all this servers has register_globals off and magic_quotes_gpc on. This is so weird problem.. Regards, Mustafa Can Bjorn IPEKCI (nukedx a.k.a nuker)
Current thread:
- Re: # MHG Security Team --- PHP NUKE All version Remote File Inc. rgod (Jun 01)
- <Possible follow-ups>
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc. nukedx (Jun 02)
- Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc. Steven M. Christey (Jun 02)