|
Full Disclosure
mailing list archives
Re: PHP file vulnerable on SMF 1.1.10
From: » Ruben Alves <rubenalves () fm ul pt>
Date: Wed, 23 Sep 2009 15:02:17 +0100
I had the same kind of files in my SMF forum. I've never uploaded files
with a "~" at the end. In my opinion, that happens when the admin
updates a SMF forum (with the webadmin panel).
Anyway, the critical file "Settings.php" is not viewable.
Anastasios Monachos wrote:
When editing a file with vi or other editors it creates a temporary
version of the original appending next the filename a tilde (~), looks
to me that's the case.
2009/9/23 bro <tweetycoaster () gmail com <mailto:tweetycoaster () gmail com>>
In Simple Machine Forum application version 1.1.10,
everybody can see some PHP files as like as index.php by any browsers
just added "~" symbol to end of filename.
examples:
http://vulnsite.com/path_of_SMF/index.php~
<http://vulnsite.com/path_of_SMF/index.php%7E>
http://vulnsite.com/path_of_SMF/ssi_examples.php~
<http://vulnsite.com/path_of_SMF/ssi_examples.php%7E>
http://vulnsite.com/path_of_SMF/SSI.php~
<http://vulnsite.com/path_of_SMF/SSI.php%7E>
--
I will never let you go ...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
AM
Key ID: 0x5EB17EE7
------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
