QuickBlogger Include File Flaw in 'acc.php' Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016934
|
|
SecurityTracker URL: http://securitytracker.com/id?1016934
|
|
CVE Reference: CVE-2006-5081
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Sep 27 2006
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): 1.4
|
Description: A vulnerability was reported in QuickBlogger. A remote user can include and execute arbitrary code on the target system.
The 'acc.php' script does not properly validate user-supplied input in the 'page' parameter. A remote user can supply a specially
crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including
operating system commands, will run with the privileges of the target web service.
You_You discovered this vulnerability.
A
demonstration exploit URL is provided:
http://[target]/[path]/acc.php?page=Sh3ll
|
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
|
Solution: No solution was available at the time of this entry.
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: h4ck3riran@yahoo.com
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 25 Sep 2006 20:12:38 +0000
From: h4ck3riran@yahoo.com
Subject: QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
|
# QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities
# Script.............. :QB ( QuickBlogger )
# Discovered By.... :You_You
# Location .......... : Iran
# Class.............. : Remote
# <Spical TNX : O.U.T.L.A.W , A.r.i.a , Sh3ll , T3rr0r1st
# CodE :
<?
include $page;
?>
# ExPloit :
Www.Site.coM/[path]/acc.php?page=Sh3ll
|
|
