PhpDig 1.6.x: remote command execution
From: FraMe (frame_at_hispalab.com)
Date: 01/14/04
- Previous message: Dirk Mueller: "KDE Security Advisory: VCF file information reader vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com> Date: Wed, 14 Jan 2004 18:14:15 +0100
Product: PhpDig 1.6.x
Vendor: phpdig.net
Author: FraMe ( frame at kernelpanik.org )
URL: http://www.kernelpanik.org
CONTENTS
1. Overview
2. Description.
3. Details
4. Patches.
1. Overview.
PhpDig is a http spider/search engine written in Php with a MySql
database in backend. PhpDig builds a glossary with the key words
found in indexed pages. On a search query, it displays a result
page with documents which contains the search keys, ranked by occurence.
2. Description.
PhpDig 1.6.x allow remote command execution in ./includes/config.php
Anybody can inject a url in $relative_script_path and obtain command
execution with web server privileges ( usually nobody ).
3. Details.
PhpDig 1.6.x
from ./includes/config.php:
===========================
(..)
//includes language file
if (is_file("$relative_script_path/locales/$phpdig_language-language.php"))
{include "$relative_script_path/locales/$phpdig_language-language.php";}
else
{include "$relative_script_path/locales/en-language.php";}
(..)
//includes of libraries
include "$relative_script_path/libs/phpdig_functions.php";
include "$relative_script_path/libs/function_phpdig_form.php";
include "$relative_script_path/libs/mysql_functions.php";
(..)
4. Patches
a) .htaccess in ./includes
b) Php globals off (Default in Php > 4.2)
c) Unofficial patch for config.php can be downloaded from:
http://www.kernelpanik.org/code/kernelpanik/phpdig.zip
==============================
[ FraMe - frame at kernelpanik.org ]
[ URL - http://frame.lifefromthenet.com ]
[ Kernelpanik - http://www.kernelpanik.org ]
[ PGP KeyID - 0xFA81AC9C ]
==============================
- Previous message: Dirk Mueller: "KDE Security Advisory: VCF file information reader vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
