PHPX admin/forums.php CSRF Arbitrary Command Execution

2004-05-04T04:47:27
ID OSVDB:5911
Type osvdb
Reporter JeiAr(jeiar@gulftech.org)
Modified 2004-05-04T04:47:27

Description

Vulnerability Description

PHPX contains a cross-site request forgery (CSRF) flaw that may allow a remote attacker to execute arbitrary administrative commands. The issue is due to the /admin/forums.php script performing state-changing actions (deleting censored words, flags and xcodes) in response to a plain GET request, without validating that the request was intentionally issued by the administrator: there is no anti-CSRF token and no check of the request's origin, only the administrator's session cookie. An attacker can embed a specially crafted URL (for example as an image link) in a forum post that will be read by the administrator. When the administrator's browser renders the post while logged in, it requests the URL with the administrator's session cookie and the action is processed with administrative privileges, with no further interaction required.
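The request-handling pattern described above, alongside a hardened version, as an added example; this is illustrative Python written for this page, not PHPX code, and the store contents, the table names, the request/session dictionaries and the site origin http://forum.example are all constructed assumptions. The vulnerable handler acts on any request that carries an admin session; the hardened one requires POST, a session-bound token compared in constant time, and a same-site Origin/Referer.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Subaction -> (table, id parameter), mirroring the three delete URLs in the advisory.
TABLES = {
    "words": ("words", "word_id"),
    "flag": ("flags", "flag_id"),
    "xcode": ("xcodes", "xcode_id"),
}


def new_store():
    """Constructed stand-in for the forum's admin tables; the records are invented."""
    return {"words": {7: "spam"}, "flags": {3: "offtopic"}, "xcodes": {2: "[b]"}}


def _apply_delete(params, store):
    """Perform the delete the parameters ask for; returns an HTTP-style status."""
    action = params.get("action")
    if params.get("subaction") != "delete" or action not in TABLES:
        return 400
    table, id_param = TABLES[action]
    try:
        rid = int(params.get(id_param, ""))
    except ValueError:
        return 400
    return 200 if store[table].pop(rid, None) is not None else 404


def vulnerable_delete(request, session, store):
    """The pattern the advisory describes: any request that arrives with an
    admin session is acted on, whatever its method, origin or source page."""
    if not session.get("is_admin"):
        return 403
    params = {k: v[0] for k, v in parse_qs(urlsplit(request["url"]).query).items()}
    return _apply_delete(params, store)


def issue_csrf_token(session):
    """Bind a fresh random token to the admin session; the admin UI embeds it in its forms."""
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def _same_origin(header_value, site_origin):
    if not header_value:
        return False
    got, want = urlsplit(header_value), urlsplit(site_origin)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def hardened_delete(request, session, store, site_origin="http://forum.example"):
    """Hardened handler: POST only, session-bound token compared in constant
    time, and Origin (or Referer) must be this site (assumed origin)."""
    if not session.get("is_admin"):
        return 403
    if request["method"] != "POST":
        return 405
    expected = session.get("csrf_token", "")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    headers = request["headers"]
    if not _same_origin(headers.get("Origin") or headers.get("Referer"), site_origin):
        return 403
    return _apply_delete(request["form"], store)
```

Note that a Referer check on its own would not have stopped this attack: the malicious image is posted on the forum itself, so the administrator's browser sends a same-site Referer when it fetches it. The token is what actually blocks the forged request; the method and origin checks are defence in depth.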

Solution Description

Upgrade to version 3.3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHPX /admin/forums.php performs delete actions on a plain GET request with no anti-CSRF token or origin check, so a crafted URL embedded in a forum post is executed with administrative privileges when a logged-in administrator views the post.

Manual Testing Notes

http://[victim]/admin/forums.php?action=words&subaction=delete&word_id=[VID]
http://[victim]/admin/forums.php?action=flag&subaction=delete&flag_id=[VID]
http://[victim]/admin/forums.php?action=xcode&subaction=delete&xcode_id=[VID]
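A detection counterpart to the three test URLs above, as an added example (not part of the advisory): a scanner over web-server access logs in the common "combined" format that picks out forums.php delete requests and flags those whose referring page is not in the admin area, which is what an image tag in a forum thread produces. The log lines, hostnames and addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format (constructed regex, not from the advisory).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Subaction -> id parameter, as in the advisory's manual testing notes.
DELETE_IDS = {"words": "word_id", "flag": "flag_id", "xcode": "xcode_id"}

# Constructed sample log: a genuine admin delete, two image-tag style fetches
# (one from a thread page, one with the Referer stripped) and a normal page view.
SAMPLE_LOG = """\
203.0.113.5 - - [04/May/2004:04:47:27 +0000] "GET /admin/forums.php?action=words&subaction=delete&word_id=12 HTTP/1.1" 200 512 "http://forum.example/admin/forums.php?action=words" "Mozilla/5.0"
203.0.113.5 - - [04/May/2004:04:48:02 +0000] "GET /admin/forums.php?action=flag&subaction=delete&flag_id=3 HTTP/1.1" 200 512 "http://forum.example/forum/viewthread.php?tid=77" "Mozilla/5.0"
198.51.100.9 - - [04/May/2004:04:49:10 +0000] "GET /admin/forums.php?action=xcode&subaction=delete&xcode_id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [04/May/2004:04:50:00 +0000] "GET /forum/viewthread.php?tid=77 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
""".splitlines()


def classify(line, admin_prefix="/admin/"):
    """Return a record for a forums.php delete request, marked 'suspicious' when
    the referring page is not itself in the admin area; None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))
    if parts.path != "/admin/forums.php":
        return None
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    action = q.get("action")
    if q.get("subaction") != "delete" or action not in DELETE_IDS:
        return None
    referer = m.group("referer")
    ref_path = urlsplit(referer).path if referer not in ("", "-") else ""
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "method": m.group("method"),
        "action": action,
        "id": q.get(DELETE_IDS[action]),
        "referer": referer,
        # A real admin click comes from an admin page; an <img> in a thread,
        # or a stripped/missing Referer, does not.
        "suspicious": not ref_path.startswith(admin_prefix),
    }


def scan(lines):
    """All suspicious delete requests in the given log lines, in order."""
    return [r for r in map(classify, lines) if r and r["suspicious"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["action"], hit["id"], repr(hit["referer"]))
```

Treat a missing Referer as suspicious rather than benign: browsers and proxies that strip it produce the same "-" as a forged request, so these hits need the administrator's confirmation rather than automatic dismissal. Once the site is upgraded, every GET delete to this script is worth flagging, since the fixed version should no longer accept them.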

References:

Vendor URL: http://www.phpx.org/
Secunia Advisory ID: 11554
Related OSVDB IDs: 5903, 5904, 5905, 5906, 5907, 5908, 5909, 5910
Other Advisory URL: http://gulftech.org/05042004.php
CVE ID: CVE-2004-2364
Bugtraq ID: 10284