
OS2A-1001.txt

09 Aug 2005 00:00:00 | Reported by Packet Storm | Type: packetstorm | Source: packetstormsecurity.com

ePing plugin vulnerability in e107 content management system

Code
`OS2A  
  
ePing Arbitrary File Creation/Command Execution Vulnerability  
  
  
OS2A ID: OS2A_1001  
Status: Patch Released  
Published: 08/04/2005  
Updated: 08/05/2005  
  
Class: File Creation/Command Execution   
Severity: CRITICAL  
  
  
Overview:  
ePing is a ping utility plugin for e107, a PHP-based content management system that uses a MySQL backend database. ePing versions 1.02 and prior are vulnerable to a file creation vulnerability caused by improper validation of user-supplied input in the doping.php script. A remote attacker exploiting this vulnerability could create an arbitrary file on the web server, or pipe multiple system commands through the eping_host or eping_count parameters of the doping.php script; these commands would be executed within the security context of the hosting site.  
  
eTrace, another utility plugin for e107 has similar vulnerabilities.  
  
Description:  
The ePing plugin for the e107 portal, version 1.02 and prior, is prone to a remote command execution vulnerability. The vulnerability exists because output redirection operators like '>', '|', '&' are not sanitized in the eping_host and eping_count parameters of the doping.php script.  
  
eping_host has a validate function in functions.php which does not consider the above mentioned case.   
  
eping_count has no validation logic. It accepts the shell-meaningful characters mentioned above.  
  
  
Impact:  
A remote user can execute any command using the '|' character, or create a file containing malicious executable code using the '>' character. Execution of arbitrary commands or creation of arbitrary files can lead to denial of service, disclosure or modification of system information, or execution of arbitrary code.  
  
  
Affected Systems:  
ePing version 1.02 and prior  
Linux (Any), Unix (Any), Windows (Any)  
  
  
Exploit:  
  
a.   
http://example.com/e107/e107_plugins/eping/doping.php?eping_cmd=ping%20-n&eping_host=127.0.0.1&eping_count=2%20%22%3C?php%20system(%94cmd.exe%94)?%3E%22%20%3Etest.php  
  
b.  
http://example.com/e107/e107_plugins/eping/doping.php?eping_cmd=ping%20-n&eping_host=127.0.0.1&eping_count=2|dir  
  
  
Solutions:  
Patch:  
Upgrade to version 1.03 of the ePing and eTrace plugins.  
`
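
The advisory ties the flaw to unvalidated eping_host and eping_count values, so requests that abused it can be found in web server access logs by checking those two parameters against a strict allowlist. The following is an added example, not part of the advisory or of the ePing code: it percent-decodes both parameters on requests to doping.php and reports any value that is not a plain hostname/IP or a small integer. The allowlist patterns, function names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist rules (assumptions of this example, not ePing's own checks):
# a host is a hostname or IPv4 literal, a count is one or two digits.
HOST_OK = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")
COUNT_OK = re.compile(r"[0-9]{1,2}")
RULES = {"eping_host": HOST_OK, "eping_count": COUNT_OK}

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(url):
    """Return {param: decoded value} for doping.php parameters failing the allowlist."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/doping.php"):
        return {}
    # parse_qs percent-decodes values, so encoded metacharacters are compared in the clear.
    query = parse_qs(parts.query, keep_blank_values=True, encoding="latin-1")
    hits = {}
    for name, rule in RULES.items():
        for value in query.get(name, []):
            if not rule.fullmatch(value):
                hits[name] = value
    return hits


def scan(log_lines):
    """Yield (line_number, hits) for log entries carrying a failing parameter."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            yield number, hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2005:10:00:01 +0000] "GET /e107/e107_plugins/eping/doping.php?eping_cmd=ping%20-n&eping_host=127.0.0.1&eping_count=2 HTTP/1.1" 200 512',
    '192.0.2.77 - - [05/Aug/2005:10:02:13 +0000] "GET /e107/e107_plugins/eping/doping.php?eping_cmd=ping%20-n&eping_host=127.0.0.1&eping_count=2|dir HTTP/1.1" 200 2048',
    '192.0.2.77 - - [05/Aug/2005:10:02:40 +0000] "GET /e107/e107_plugins/eping/doping.php?eping_cmd=ping%20-n&eping_host=127.0.0.1&eping_count=2%20%3Eout.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Only the query string is inspected; parameters sent in a POST body do not appear in a standard access log and would need request-body logging to review.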
