[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4ABA2A69.6060106@fm.ul.pt>
Date: Wed, 23 Sep 2009 15:02:17 +0100
From: ยป Ruben Alves <rubenalves@...ul.pt>
To: Anastasios Monachos <anastasiosm@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: PHP file vulnerable on SMF 1.1.10
I had the same kind of files in my SMF forum. I've never uploaded files
with a "~" at the end. In my opinion, that happens when the admin
updates a SMF forum (with the webadmin panel).
Anyway, the critical file "Settings.php" is not viewable.
Anastasios Monachos wrote:
> When editing a file with vi or other editors it creates a temporary
> version of the original appending next the filename a tilde (~), looks
> to me that's the case.
>
> 2009/9/23 bro <tweetycoaster@...il.com <mailto:tweetycoaster@...il.com>>
>
> In Simple Machine Forum application version 1.1.10,
> everybody can see some PHP files as like as index.php by any browsers
> just added "~" symbol to end of filename.
> examples:
> http://vulnsite.com/path_of_SMF/index.php~
> <http://vulnsite.com/path_of_SMF/index.php%7E>
> http://vulnsite.com/path_of_SMF/ssi_examples.php~
> <http://vulnsite.com/path_of_SMF/ssi_examples.php%7E>
> http://vulnsite.com/path_of_SMF/SSI.php~
> <http://vulnsite.com/path_of_SMF/SSI.php%7E>
>
>
> --
> I will never let you go ...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> --
> AM
> Key ID: 0x5EB17EE7
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists