[Another PHP portal vulnerability (DCP-Portal). Please await vendor fixes -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: "Frog Man" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: DCP-Portal (PHP) Date: Sat, 04 Jan 2003 13:22:35 +0100 Informations : 00000000000000 Version : 5.0.1 Website : http://www.dcp-portal.org Problems : - Include file - Access to users' accounts - Access to the administration PHP Code/ Location : 00000000000000000000 The first & second hole will work if register_globals is ON. /library/editor/editor.php : ---------------------------------------------------------- [...] $abs_path_editor = "$root/library/editor/"; [...] if( !isset($insertat_editor) ){ include $abs_path_editor."PropAcce_string.php"; } [...] ---------------------------------------------------------- /library/lib.php : ---------------------------------------- <? include ("$root/library/lib_nav.php"); include ("$root/library/lib_mods.php"); include ("$root/library/lib_admin.php"); include ("$root/library/lib_3rd.php"); [...] ---------------------------------------- inbox.php, update.php and all the members AREA : --------------------------------------------------- [...] if (!isset($HTTP_COOKIE_VARS["dcp5_member_id"])) { header ("Location: login.php"); exit(); } [...] --------------------------------------------------- Admin area (/admin/*.php) : -------------------------------------------------- if ($HTTP_COOKIE_VARS["dcp5_member_admin"] != 5) { header("Location: index.php"); exit(); } -------------------------------------------------- More details about Solutions & Exploits : 00000000000000000000000000000000000000000 In French : http://www.frog-man.org/tutos/DCP-Portal.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FDCP-Portal.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n http://www.phpsecure.org _________________________________________________________________ MSN Search, le moteur de recherche qui pense comme vous ! http://search.msn.fr/worldwide.asp ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
