Bugtraq mailing list archives
Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
From: Cabezon Aurélien <aurelien.cabezon () isecurelabs com>
Date: Fri, 16 Nov 2001 18:49:15 +0100
--[ Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution ]--

Problem discovered: 16/11/2001 by Cabezon Aurélien | aurelien.cabezon () iSecureLabs com
http://www.isecurelabs.com/article.php?sid=209

--[ Description ]--

This PHPNuke addon includes web frontends for the following *nix commands:
- Nmap
- Ping
- Traceroute

--[ Problem ]--

Network Tool 0.2 does not check for special meta-characters like &;`'"|*?~<>^()[]{}$ coming from the $hostinput variable.
Asking the PHP script to ping, Nmap, or traceroute this kind of address <www.somehost.com;ls -al> will allow any user to run the " ls -al " command as whatever user runs the web server.

--[ Fix ]--

Coders have been alerted.
Temp fix:

    $hostinput = escapeshellcmd($hostinput);

--[ Information about Network Tool 0.2 ]--

http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
Author: Rick Fournier (rick () help-desk ca)

---
Cabezon Aurélien
http://www.iSecureLabs.com
aurelien.cabezon () iSecureLabs com
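
Added example, not part of the original advisory and not Network Tool's code: a stricter handling of $hostinput that validates the value against an allow-list and quotes it as a single argument, shown next to the concatenated form and the escapeshellcmd() form. The function names, the `ping -c 4` command line, PHP 7.1+ and a Unix-like host are assumptions.

```php
<?php
// Added illustration: function names are hypothetical, not Network Tool's code.

// Allow-list check: an IP literal, or a hostname of letters, digits, '-' and '.'.
function valid_host(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';   // no leading or trailing '-'
    return strlen($host) <= 253
        && preg_match('/^' . $label . '(\.' . $label . ')*$/D', $host) === 1;
}

// Returns the command line to run, or null when the input is rejected.
function build_ping_command(string $hostinput): ?string
{
    $host = trim($hostinput);
    if (!valid_host($host)) {
        return null;   // reject; do not try to "clean" hostile input
    }
    // escapeshellarg() quotes the value as a single argument;
    // "--" tells ping that no further options follow.
    return 'ping -c 4 -- ' . escapeshellarg($host);
}

// Constructed sample inputs; the third is the address from the advisory.
$samples = ['www.somehost.com', '192.0.2.10', 'www.somehost.com;ls -al', '--version'];

foreach ($samples as $input) {
    // Pattern described in the advisory: input concatenated into the command.
    $unsafe = 'ping -c 4 ' . $input;
    // escapeshellcmd() backslash-escapes ';' but keeps spaces and leading
    // dashes, so the remainder still reaches ping as extra arguments/options.
    $partial = 'ping -c 4 ' . escapeshellcmd($input);
    $safe = build_ping_command($input);

    echo "input:    $input\n";
    echo "unsafe:   $unsafe\n";
    echo "partial:  $partial\n";
    echo "hardened: " . ($safe ?? 'REJECTED') . "\n\n";
    // A caller would pass only a non-null $safe to system() or passthru().
}
```

The script only prints the three command strings for each input; nothing is executed.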