lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060602004948.21414.qmail@securityfocus.com>
Date: 2 Jun 2006 00:49:48 -0000
From: nukedx@...edx.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc.


Yeah,its so weird. vulnerable code in pagestart.php at line 68.
http://victim/modules/Forums/admin/admin_styles.php?phpbb_root_path=2
Warning: main(2common.php): failed to open stream: No such file or directory in C:\Inetpub\vhosts\victim\httpdocs\modules\Forums\admin\pagestart.php on line 68
Just edited victim for security purposes.
in pagestart.php at lines 67-68:
...
include("../../../mainfile.php");
include($phpbb_root_path.'common.'.$phpEx);
...
So it includes mainfile.php and i think this is making vulnerability.
in mainfile.php at lines 54-56
...
if (!ini_get("register_globals")) { 
    import_request_variables('GPC'); 
}
...
I tried it on some servers.It didnt work but for some worked, and all this servers has register_globals off and magic_quotes_gpc on.
This is so weird problem..
Regards,
Mustafa Can Bjorn IPEKCI (nukedx a.k.a nuker)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ