[Please patch if you use PHPMyPub -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]> From: "Frog Man" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: PHPMyPub (PHP) Date: Sun, 19 Jan 2003 18:51:01 +0100 Informations : �������������� Website : http://phpmypub.free.fr Version : 1.2.0 Problem : Admin access PHP Code/Location : ������������������� admin/index.php : ------------------------------------------------------------------------ [...] $auth = $HTTP_COOKIE_VARS["adminpub"]; if (!$auth) { if ($formulaire) { if ($pass==$admin_pass) { setcookie("adminpub", "true"); $ADMIN_MODE = true; } else { [...] exit; } } [...] ------------------------------------------------------------------------ Exploit : ��������� Set cookie (name='adminpub', value='1') on http://[target]/admin/index.php . Patch : ������� A patch can be found on http://www.phpsecure.info. More details : �������������� In French : http://www.frog-man.org/tutos/PHPMyPub.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FPHPMyPub.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
