Bugtraq mailing list archives
phpLinks mail() abuse Vulnerability
From: mindwarper () hush com
Date: Mon, 20 Jan 2003 04:11:19 -0800
phpLinks mail() abuse Vulnerability
( By Mindwarper :: mindwarper () hush com :: )

----------------------
Vendor Information:
----------------------
Homepage : http://www.destiney.com
Vendor : Could not be informed (Host not found)
Mailed advisory: 09/01/20
Vendor Response : None

----------------------
Affected Versions:
----------------------
All 2.X versions

----------------------
Vulnerability:
----------------------
PhpLinks has an email_confirmation file located in the /include/ directory which is used to notify users that they have signed up correctly. An exploit has been discovered in the file email_confirmation.php which works as follows:

An attacker may call this file directly (when it should really be included) and hijack the variables in such a way that he/she may abuse the mail() function. By using the example below, any person can use the server's SMTP service without permission.

http://victim.com/phplinks/include/email_confirmation.php?UserName=anyone&Email=target () mail com&site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=I_Own_j0u () victim com

Side-note: An attacker may also use this file for an XSS attack on the server.

----------------------
Solution:
----------------------
Please check the vendor's website for new patches. As a temporary solution, create a .htaccess file that contains 'Deny from all'. Place it in the /include/ directory and that should block remote users from accessing it.

- Mindwarper
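The two weaknesses the advisory describes are an include file that runs when requested directly, and mail() arguments (recipient, sender, subject text) taken straight from request variables. As an added illustration of the application-level fix that complements the .htaccess workaround, here is a hypothetical hardened include written for this post; it is not phpLinks' own code, and the constant name, the `$config` array and the `$new_user_*` variables are assumed to be provided by the signup script that includes it (filter_var needs PHP 5.2 or later).

```php
<?php
// Hypothetical hardened include/email_confirmation.php (added example, not phpLinks code).
//
// The only legitimate caller defines a constant before including this file:
//     define('PHPLINKS_INCLUDED', true);          // in signup.php (assumed name)
//     require_once 'include/email_confirmation.php';

// 1. Refuse to run when requested directly: a browser hitting this URL never
//    passes through the including script, so the constant is undefined.
if (!defined('PHPLINKS_INCLUDED')) {
    header('HTTP/1.0 403 Forbidden');
    exit('This file cannot be requested directly.');
}

// 2. Sender identity and site name come from the application's own config array
//    (assumed to be loaded by the including script), never from $_GET/$_POST or
//    register_globals, so a remote caller cannot choose the From address.
$owner_name  = $config['owner_name'];
$owner_email = $config['owner_email'];
$site_title  = $config['site_title'];

// Strip CR/LF so no value can terminate a header line inside mail().
function clean_header_value($value)
{
    return str_replace(array("\r", "\n"), '', (string) $value);
}

// 3. The only request-derived values are the new user's name and address
//    (assumed to be set by the signup script), and the address must validate.
$user_email = clean_header_value($new_user_email);
if (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
    exit('Invalid e-mail address.');
}
$user_name = clean_header_value($new_user_name);

$subject = 'Welcome to ' . clean_header_value($site_title);
$body    = 'Hello ' . $user_name . ",\n\nYour registration at " . $site_title
         . " was successful.\n";
$headers = 'From: ' . clean_header_value($owner_name) . ' <'
         . clean_header_value($owner_email) . ">\r\n";

mail($user_email, $subject, $body, $headers);
```

The 'Deny from all' .htaccess from the advisory still belongs in /include/ as the server-side layer; the guard above covers hosts where .htaccess overrides are disabled.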