BugTraq
PHPMyTourney Remote file include Vulnerability Feb 29 2008 09:10AM
security soqor net
Hello

PHPMyTourney Remote file include Vulnerability

Discovered By : HACKERS PAL

Copy rights : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net [email concealed]

home page : http://phpmytourney.sourceforge.net

Script : PHPMyTourney

vulnerable file : phpmytourney/sources/tourney/index.php

code

$page = $_GET['page'];

if(isset($page))

include($page . '.php');

else

echo("must specify a page ");

lines 45-49

fast solution

replace with

if(file_exists($page . '.php') and !eregi(".",$page) and !eregi(":",$page) and !eregi("/",$page))

{

include($page . '.php');

}

else

{

echo("must specify a page ");

}

phpmytourney/sources/tourney/index.php?page=[Evil-Script]

#WwW.SoQoR.NeT

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus