Lucene search
SecurityvulnsSECURITYVULNS:DOC:19310HistoryFeb 29, 2008 - 12:00 a.m.
PHPMyTourney Remote file include Vulnerability
2008-02-2900:00:00
vulners.com
40
Hello
PHPMyTourney Remote file include Vulnerability
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : [email protected]
home page : http://phpmytourney.sourceforge.net
Script : PHPMyTourney
vulnerable file : phpmytourney/sources/tourney/index.php
code
$page = $_GET['page'];
if(isset($page))
include($page . '.php');
else
echo("must specify a page ");
lines 45-49
fast solution
replace with
if(file_exists($page . '.php') and !eregi(".",$page) and !eregi(":",$page) and !eregi("/",$page))
{
include($page . '.php');
}
else
{
echo("must specify a page ");
}
phpmytourney/sources/tourney/index.php?page=[Evil-Script]