SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Web Server/CGI)  >  PhpSmsSend Vendors:  Calmejane, Christophe
(Vendor Issues Fix) Re: PhpSmsSend Front-End to SmsSend Allows Remote Users to Execute Arbitrary System Commands on the Server
SecurityTracker Alert ID:  1004349
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 22 2002
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 1.00
Description:  A vulnerability was reported in the PhpSmsSend frontend to SmsSend. A user can execute arbitrary commands on the web server.

A remote user can supply an SMS message to the PhpSmsSend application to execute arbitrary shell commands on the web server. This is reportedly due to the following code from file.php :

$str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY;
system($str,$res);

A remote user can enter an SMS message containing a backtick character ("`") so that the text following the backtick (and preceding the next backtick) will be executed by the system() call.

The command will be executed with the privileges of the web server.
Impact:  A user can execute arbitrary system commands on the web server with the privileges of the web server.
Solution:  The vendor has released a fixed version (1.02), available at:

http://zekiller.skytech.org/fichiers/smssend/phpsmssend-1.02.tar.gz
Vendor URL:  zekiller.skytech.org/smssend.php (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 30 2002 PhpSmsSend Front-End to SmsSend Allows Remote Users to Execute Arbitrary System Commands on the Server


 Source Message Contents
Date:  Tue, 21 May 2002 14:18:02 -0400
Subject:  PhpSmsSend 1.02

 

  PhpSmsSend 1.02
  by Ze KiLleR (http://freshmeat.net/users/zekiller/)
  Monday, May 20th 2002 11:43

Communications Internet :: WWW/HTTP Utilities

About: PhpSmsSend is a frontend to the SmsSend  application. It consists
of a .php file, from which  you select one of the available scripts, and
then you can send an SMS wherever you want, all  around the world.

Changes: A security issue concerning the remote execution of any shell
command has been fixed. A character counter has been added to the
message field. 

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/phpsmssend/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC