? Details : If an attacker access /code/inc_header.php directly , he can
bypass $gTopNomBer variable.(Register_globals must be ?on?)
Problem is about not defining or filtering the variable.
? Proof Of Concept : access /code/inc_header.php like
inc_header.php?gTopNombre=?><script>alert(document.cookie)</script>
and print user?s cookie.So an attacker can escape admin?s cookie.
? Release Date: 2006/02/28
? Contacted to vendor : 2006/02/28
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.