PHP-Coolfile version 1.4 unauthorized access


NI3
11-13-2003, 01:30 PM
Security-Corporation ID : SC-0747
Author : r00t
Product : PHP-Coolfile
Source Message Contents :

/************************************
**---------------------------------**
** RusH security team advisory **
**---------------------------------**
************************************/

/***********************************/
Product: PHP-Coolfile
Version: 1.4
Vuln: unauthorized access
/***********************************/
Date: 11/11/2003
Author: 1dt.w0lf // RsT
/***********************************/

Problem:
========
Bug found in the action.php file (line 96):

[snip]
if (@$action == "edit") { edit_file($file, $basename, @$filename); }
if (@$action == "copy") { [snip] }
if (@$action == "print_chmod") { [snip] }
elseif ((@md5($uin) != session_id()) | (!@$uin)) { print "Access denied!"; } # line 96
[snip]

The last line (96) does not work if $action = "copy" or any other action: the elseif belongs only to the preceding print_chmod check, so for "edit" and "copy" the requested action has already run before the check is evaluated, and nothing stops the script after "Access denied!" is printed.

Overview:
=========
Anyone can view the config.php file and obtain the administration login and password.


Solution:
=========
1. Delete line 96.
2. Copy this code to line 23 of the action.php file:
if ((@md5($uin) != session_id()) OR (!@$uin)) { print "Access denied!"; exit; }
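As an added illustration (not code from PHP-Coolfile or the advisory), a PHP model of the structure described above: the vulnerable chain, where the elseif binds only to the print_chmod branch, beside the advisory's fix placed before any action runs. The variable names $action, $uin and $sid and the recorded handler names are assumptions standing in for the original script's request variables and file handlers.

```php
<?php
// Added example, not code from PHP-Coolfile or the advisory. It models the
// dispatch structure of action.php: $action, $uin and $sid stand in for the
// request variables and session id the original script reads (assumed names),
// and each handler just records its name instead of touching files.

function vulnerable_dispatch(string $action, ?string $uin, string $sid): array
{
    $trace = [];
    if ($action == "edit") { $trace[] = "edit_file"; }
    if ($action == "copy") { $trace[] = "copy_file"; }
    if ($action == "print_chmod") { $trace[] = "print_chmod"; }
    // This elseif belongs only to the print_chmod if above it: for "edit"
    // and "copy" the handler has already run by the time it is evaluated,
    // for "print_chmod" it is skipped entirely, and there is no exit after
    // the message, so the script keeps going in every case.
    elseif ((md5((string) $uin) != $sid) | (!$uin)) { $trace[] = "Access denied!"; }
    $trace[] = "rest of action.php";
    return $trace;
}

function fixed_dispatch(string $action, ?string $uin, string $sid): array
{
    // The advisory's check, but first, with OR, and with a hard stop
    // (exit in the advisory's patch; return here so the function stays reusable).
    if ((md5((string) $uin) != $sid) OR (!$uin)) {
        return ["Access denied!"];
    }
    $trace = [];
    if ($action == "edit") { $trace[] = "edit_file"; }
    if ($action == "copy") { $trace[] = "copy_file"; }
    if ($action == "print_chmod") { $trace[] = "print_chmod"; }
    $trace[] = "rest of action.php";
    return $trace;
}

// Unauthenticated request: no $uin at all, arbitrary session id.
foreach (["edit", "copy", "print_chmod"] as $action) {
    printf("%-11s vulnerable: %s\n", $action,
        implode(" -> ", vulnerable_dispatch($action, null, "sid")));
    printf("%-11s fixed:      %s\n", $action,
        implode(" -> ", fixed_dispatch($action, null, "sid")));
}
```

Running it shows every action's handler executing in the vulnerable version for an unauthenticated caller (with "Access denied!" printed only afterwards, or not at all for print_chmod), while the fixed version stops before any handler.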

/***********************************/
You can view the RU version of this text on our site.
/***********************************/
Contacts:
1dt.w0lf - idtwolf pisem net
RusH team - r00t rsteam ru
/***********************************/