Re: phpFormGenerator

["<...>" <massimo () grandmedia si>]

so now we know where to look for new faults ;-)

----- Original Message ----- 
From: "pingywon" <pingywon () hotmail com>
To: "Morning Wood" <se_cur_ity () hotmail com>; 
<full-disclosure () lists grok org uk>
Sent: Friday, June 30, 2006 11:32 PM
Subject: Re: [Full-disclosure] phpFormGenerator


> "btw.. just so that you know, i have been on openbsd's development
> > team, written the opengl kit for the openbeos OS project (now Haiku),
> > and am an official GNU maintainer:
> > http://www.gnu.org/people/people.html (search for my name) ... what
> > you should be doing is thinking about how contributing to the
> > opensource community and not being a bitch.""
>
>
> ...just so you KNOW
>
> see how popular he is...there cant be any flaws in his software.....hes 
> popular
>
> ~pingywon MCSE
> www.pingywon.com
> www.illmob.org
> www.freeillwill.com
>
>
>
>
> ----- Original Message ----- 
> From: "Morning Wood" <se_cur_ity () hotmail com>
> To: <full-disclosure () lists grok org uk>
> Sent: Friday, June 30, 2006 5:11 PM
> Subject: [Full-disclosure] phpFormGenerator
>
>
> >      - EXPL-A-2006-004 exploitlabs.com Advisory 049 -
> >                            - phpFormGenerator -
> >
> >
> >
> >
> > AFFECTED PRODUCTS
> > =================
> > phpFormGenerator < v2.09
> > http://phpformgen.sourceforge.net/
> >
> >
> > OVERVIEW
> > ========
> > phpFormGenerator is an easy-to-use tool to create reliable and efficient 
> > web forms in a snap. No programming of any sort is required. Just follow 
> > along the phpFormGenerator wizard and at the end, you will have a fully 
> > functional web form!
> >
> > note:
> > as stated by the vendor this script is widely used with cPanel
> > and other hosting provider solutions.
> >
> >
> >
> > DETAILS
> > =======
> > phpFormGenerator by default installs all directories
> > as chmod 777 and will not function if they are not set as such.
> >
> > in the readme:
> > "3. Set read+write+execute file permissions on the 'forms'
> > directory and *everything* inside it (including all subdirectories and 
> > files)
> >
> > UNIX:
> > chmod -R 777 forms"
> >
> > in process2.php:
> > "please make sure that the forms directory (and everything in it)
> > has read+write access. you can achieve this by issuing the following
> > command on linux/unix:
> > chmod -R 777 forms"
> >
> >
> > researcher note:
> > when the applications directories are not set 777 the app errors with:
> >
> >
> > "File and Directory permissions The forms directory is not writeable.
> > The forms/admin directory is not writeable.
> > The use directory is not writeable.
> > Please give read+write permissions to all the files
> > and directories mentioned above. Refresh this page
> > after you have done so."
> >
> >
> > SOLUTION
> > ========
> > vendor contact:
> > Musawir Ali" musawir () gmail com June 30, 2006
> >
> > patch: none ( see vendor response )
> >
> >
> > VENDOR RESPONSE
> > ===============
> > "there are no security flaws ... if you had taken a moment to think,
> > you would realize that a a major software company such as cPanel would
> > not be shipping phpFormGenerator with their scripts if it had flaws.
> > In any case, the program has been thoroughly tested by myself and
> > other security experts and is not known to have any issues.
> >
> > 777 is never forced, the suggested method is to give write permissions
> > to the group the process belongs to.
> > upload function is "insecure". arbitrary php functions are insecure...
> > could you be any more vague? You seem to be one of those ignorant
> > nuts who shout slogans like "windows sucks" "linux owns" "your server
> > is insecure" without realizing the garbage spooling out of your mouth.
> >
> > you're wasting my time.
> > btw.. just so that you know, i have been on openbsd's development
> > team, written the opengl kit for the openbeos OS project (now Haiku),
> > and am an official GNU maintainer:
> > http://www.gnu.org/people/people.html (search for my name) ... what
> > you should be doing is thinking about how contributing to the
> > opensource community and not being a bitch."
> >
> >
> >
> > PROOF OF CONCEPT
> > ================
> > 1.browse to the default install directory
> >
> > 2.create new form with the "file upload" function
> >
> > 3.complete the form using "Insert data to MySQL database table? = no"
> >
> > 4.as directed browse to 
> > "http://[host]/[appdir]/[newform_name]/form1.html";
> >
> > 5.upload phpshell type of script
> >
> > 6.if you supplied an email address, the link will be sent to you
> >
> > http://[host]/[appdir]/[newform_name]/files/thescript_name_generated.php
> >
> >
> > CREDITS
> > =======
> > This vulnerability was discovered and researched by Donnie Werner of 
> > exploitlabs
> >
> > Donnie Werner
> > Information Security Specialist
> > wood () exploitlabs com
> > morning_wood () zone-h org
> >
> > --
> > web: http://exploitlabs.com
> >
> > http://exploitlabs.com/files/advisories/EXPL-A-2006-004-phpformgen.txt
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/