PhpSmsSend remote execute commands bug

Type securityvulns
Reporter Securityvulns
Modified 2002-01-30T00:00:00


---[ PhpSmsSend remote execute commands bug

---[ About PhpSmsSend

PhpSmsSend is a frontend to the SmsSend application. It consists of a .php file, from which you select one of the available scripts, and then you can send an SMS wherever you want, all around the world.

PhpSmsSend's website is

---[ Affected System

PhpSmsSystem Version 1.00

---[ Description

From file .php:

  $str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY;

If the SMS message contains a backtick "`", whatever is inside the backticks will be executed as a system command, because the line above puts $params into the command string without escaping.

The result of the command is sent via SMS :), so the command output should be less than 160 characters to be sent via SMS. But if the command uses a pipe (ex: cat /etc/passwd|mail) or redirection, the message status is still successful :)
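One way to close the hole in the line quoted above, as an added example that is not PhpSmsSend's own code: every argument goes through escapeshellarg() and $script is checked against an allowlist. The constant values, ALLOWED_SCRIPTS, build_smssend_command() and the use of exec() are assumptions, and /bin/echo stands in for the smssend binary so the block runs offline.

```php
<?php
// Added example, not PhpSmsSend's code. Constant names come from the
// advisory; their values here are placeholders (assumptions).
define('SMSSEND', '/bin/echo');               // stand-in for the smssend binary
define('SCRIPTSPATH', '/usr/share/smssend/'); // assumed script directory
define('PROXY', '');                          // assumed: no proxy configured

// Hypothetical allowlist of provider scripts the frontend may select.
const ALLOWED_SCRIPTS = ['provider_a.sms', 'provider_b.sms'];

// Hypothetical helper: builds the command with each argument quoted.
function build_smssend_command(string $script, array $params): string
{
    // $script becomes part of a file path, so accept only known names.
    if (!in_array($script, ALLOWED_SCRIPTS, true)) {
        throw new InvalidArgumentException('unknown provider script');
    }

    $argv = [SMSSEND, SCRIPTSPATH . $script];
    foreach ($params as $p) {
        $argv[] = (string) $p;
    }
    array_push($argv, '--', '-d', '0');
    if (PROXY !== '') {
        $argv[] = PROXY;
    }

    // escapeshellarg() wraps each value in single quotes, so backticks,
    // $(...), pipes and redirections inside it reach the program as text.
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample input: a message body that contains backticks.
$message = 'meet at 5 `date`';
$cmd = build_smssend_command('provider_a.sms', ['+10000000000', $message]);
echo $cmd, PHP_EOL;

// Assumption: the frontend hands the string to a shell, as exec() does.
exec($cmd, $output, $status);
echo implode(PHP_EOL, $output), PHP_EOL; // backticks arrive unexpanded

// A script name outside the allowlist is refused before any command is built.
try {
    build_smssend_command('../../tmp/other', []);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```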

---[ Greetz

my Guru GaniSalman, my friend OpsCrew, #indoSniffing and medanHacking (DalNet), Fate Research Labs (, LUG STIKOM (, and the owner