phpLinks mail() abuse Vulnerability

[mindwarper () hush com]

phpLinks mail() abuse Vulnerability ( By Mindwarper :: mindwarper () hush com :: )

<------- ------->

----------------------
Vendor Information:
---------------------- 

Homepage : http://www.destiney.com
Vendor : Could not be informed (Host not found)
Mailed advisory: 09/01/20
Vender Response : None
----------------------
Affected Versions:
----------------------

All 2.X versions


----------------------
Vulnerability:
----------------------


|PhpLinks has an email_confirmation file located in the /include/ directory which is used to
notify the users that they have signed up correctly. An exploit has been discovered in the 
file email_confirmation.php which works as following: An attacker may call this file directly 
(when it should really be included) and hijack the variables in such way that he/she may abuse 
the mail() function. By using the example bellow, any person can use the server's smtp service.
without permission.

http:/victim.com/phplinks/include/email_confirmation.php?UserName=anyone&Email=target () mail com&
site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=I_Own_j0u () victim com


Side-note: An attacker may also use this file for XSS attack on the server.

----------------------
Solution:
---------------------- 

Please check the vendor's website for new patches.

As a temporary solution, create a .htaccess file that contains 'Deny from all'.
Place it in the /include/ directory and that should block remote users from accessing it.



- Mindwarper



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427