


Category:   Application (Generic)
Vendors:   Opt-X Project
Opt-X Include File Hole Lets Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1009194
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 0.7.2
Description:   G00db0y from Zone-h Security Labs reported an include file vulnerability in Opt-X. A remote user can execute arbitrary PHP code on the target system.

It is reported that the '/includes/header.php' file includes the '/includes/menu.php' file relative to the $systempath variable. A remote user can specify a remote location for the $systempath variable to cause '/includes/menu.php' on the remote location to be included and executed on the target system with the privileges of the target web service.

A demonstration exploit URL is provided:


The vendor has reportedly been notified.

Impact:   A remote user can cause arbitrary PHP code, including operating system commands, to be executed on the target system with the privileges of the web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  ZH2004-10SA (security advisory): file inclusion vulnerability in

ZH2004-10SA (security advisory): file inclusion vulnerability in Opt-X

Discovered: 10 February 2004

Vendor contacted: 15 February 2004

Published: 24 February 2004

Name: Opt-X

Affected System: 0.7.2

Issue: file inclusion vulnerability

Author: G00db0y from Zone-h Security Labs - -




Zone-H Security Team has discovered a flaw in Opt-X. There is a vulnerability in the 
current version of Opt-X that allows an attacker to influence the include path for PHP
scripts. This could be exploited to include a malicious script that is hosted on an 
attacker-controlled server, allowing for execution of arbitrary code in the context of
the web server. "Opt-X is primarily a network monitoring tool for content/urls and network 
services, but it also has some other functions such as, task list, server list,
log changes for servers and a vendor list".



There's a file inclusion vulnerability in the /includes/header.php file, line 57:

<?php include("".$systempath."/includes/menu.php"); ?>

It is possible for a remote attacker to include an external file and execute arbitrary 
commands with the privileges of the webserver (nobody by default).

To test the vulnerability try this:


In this way the file "http://attackersite/includes/menu.php" will be included and executed 
on the vulnerable server.



The vendor has been contacted and a patch was not yet produced.


G00db0y from Zone-h Security Labs - -
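
One way to harden the include on line 57 of /includes/header.php, shown as an added example that is not Opt-X code or a vendor patch (none was available at the time of this entry): the base directory is derived from the file's own location instead of $systempath, and the resolved path must stay inside it. OPTX_ROOT and safe_include_path are hypothetical names, and the layout (header.php under the install root's includes/ directory) is assumed from the paths in the advisory.

```php
<?php
// Added example, not Opt-X code: hardened stand-in for includes/header.php.
// Assumption: this file lives in <install root>/includes/.

// Derive the base path from this file's location, never from a variable
// that a request can influence (such as $systempath in the advisory).
define('OPTX_ROOT', dirname(__DIR__));

/**
 * Resolve $relative under $root and return its real path, or null when it
 * carries a URL scheme, does not exist, or resolves outside $root.
 * (Hypothetical helper, introduced for this example.)
 */
function safe_include_path(string $root, string $relative): ?string
{
    // Reject stream wrappers (http://, ftp://, php://, data: ...) outright.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        return null;
    }
    $rootReal = realpath($root);
    $target   = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($rootReal === false || $target === false) {
        return null;
    }
    // After symlinks and "../" are resolved, the file must sit inside the root.
    if (strpos($target, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

$menu = safe_include_path(OPTX_ROOT, 'includes/menu.php');
if ($menu === null) {
    // Fail closed rather than falling back to a caller-supplied path.
    http_response_code(500);
    exit('Configuration error');
}
include $menu;
```

Independently of the code change, PHP 5.2 and later refuse URL includes unless allow_url_include is enabled (it is off by default), and register_globals was removed in PHP 5.4, so a request parameter no longer becomes a global variable of the same name.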

