artmedic hpmaker Include File Error Lets Remote Users Execute Arbitrary Commands
|
|
SecurityTracker Alert ID: 1009930
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 23 2004
|
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Description: A vulnerability was reported in artmedic hpmaker. A remote user can execute arbitrary commands on the target system.
DarkBicho reported that the 'index.php' script includes the 'start.htm' file without validating the location of the file. A remote
user can create a specially crafted URL that will cause the target server to include and execute arbitrary PHP code, including operating
system commands. The code will run with the privileges of the target web service.
A remote user can also exploit this flaw to
view files on the target system with the privileges of the web service. A demonstration exploit URL is provided:
http://[victim_host]/index.php?p=../../../../../../..
/../etc/passwd
The original advisory is available at:
http://bichosoft.webcindario.com/advisory-01.txt
|
Impact: A remote user can view arbitrary files on the target system with the privileges of the target web service.
A remote user can execute
arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.artmedic-webdesign.de/scripts/artmedic_hpmaker.php (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 23 Apr 2004 13:57:36 -0400
Subject: http://bichosoft.webcindario.com/advisory-01.txt
|
http://bichosoft.webcindario.com/advisory-01.txt
VULNERABILITIES IN ARTMEDIC HPMAKER FILE INCLUSION VULNERABILITY
Affected software description:
-------------------------------
artmedic homepagemaker
autor: artmedic webdesign
web: http://www.artmedic-webdesign.de/hp-maker/
Vulnerabilities:
-----------------
The vulnerable of code is in the index.php script
-----------------------------------------------------------
<?php
if(!isset($_GET['p'])) {include("start.htm");}
else
{include("$_GET[p]");}
?>
-----------------------------------------------------------
Details :
-------
If the remote file is a malicious PHP script, this may allow for the execution
of attacker-supplied PHP code with the privileges of the web server. Successful
exploitation may provide unauthorized remote access to the attacker. This issue
may also be exploited to remotely view files on the vulnerable host.
Example:
-----------
An example of an HTTP request that can exploit this vulnerability is:
http://[victim_host]/index.php?p=../../../../../../../../etc/passwd
Greetings:
----------
Greetings to the people of of peru specially a security wary proyects
http://www.swp-zone.org and a http://www.perunderforce.tk
Contact:
-------
DarkBicho
darkbicho@msn.com
Homepage: http://www.darkbicho.tk
---------------------------------- [ EOF ] ------------------------------------
|
|
