Open Source and information security mailing list archives
Date: Fri Jun 30 22:32:49 2006
From: pingywon at hotmail.com (pingywon)
Subject: phpFormGenerator

> "btw.. just so that you know, i have been on openbsd's development
> team, written the opengl kit for the openbeos OS project (now Haiku),
> and am an official GNU maintainer:
> http://www.gnu.org/people/people.html (search for my name) ... what
> you should be doing is thinking about how contributing to the
> opensource community and not being a bitch."


...just so you KNOW

see how popular he is... there can't be any flaws in his software..... he's
popular

~pingywon MCSE
www.pingywon.com
www.illmob.org
www.freeillwill.com




----- Original Message ----- 
From: "Morning Wood" <se_cur_ity@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, June 30, 2006 5:11 PM
Subject: [Full-disclosure] phpFormGenerator


>      - EXPL-A-2006-004 exploitlabs.com Advisory 049 -
>                            - phpFormGenerator -
>
>
> AFFECTED PRODUCTS
> =================
> phpFormGenerator < v2.09
> http://phpformgen.sourceforge.net/
>
>
> OVERVIEW
> ========
> phpFormGenerator is an easy-to-use tool to create reliable and efficient 
> web forms in a snap. No programming of any sort is required. Just follow 
> along the phpFormGenerator wizard and at the end, you will have a fully 
> functional web form!
>
> note:
> as stated by the vendor this script is widely used with cPanel
> and other hosting provider solutions.
>
>
>
> DETAILS
> =======
> phpFormGenerator by default installs all directories
> as chmod 777 and will not function if they are not set as such.
>
> in the readme:
> "3. Set read+write+execute file permissions on the 'forms'
> directory and *everything* inside it (including all subdirectories and 
> files)
>
> UNIX:
> chmod -R 777 forms"
>
> in process2.php:
> "please make sure that the forms directory (and everything in it)
> has read+write access. you can achieve this by issuing the following
> command on linux/unix:
> chmod -R 777 forms"
>
>
> researcher note:
> when the application's directories are not set 777 the app errors with:
>
> "File and Directory permissions The forms directory is not writeable.
> The forms/admin directory is not writeable.
> The use directory is not writeable.
> Please give read+write permissions to all the files
> and directories mentioned above. Refresh this page
> after you have done so."
>
>
> SOLUTION
> ========
> vendor contact:
> "Musawir Ali" musawir@...il.com, June 30, 2006
>
> patch: none ( see vendor response )
>
>
> VENDOR RESPONSE
> ===============
> "there are no security flaws ... if you had taken a moment to think,
> you would realize that a major software company such as cPanel would
> not be shipping phpFormGenerator with their scripts if it had flaws.
> In any case, the program has been thoroughly tested by myself and
> other security experts and is not known to have any issues.
>
> 777 is never forced, the suggested method is to give write permissions
> to the group the process belongs to.
> upload function is "insecure". arbitrary php functions are insecure...
> could you be any more vague? You seem to be one of those ignorant
> nuts who shout slogans like "windows sucks" "linux owns" "your server
> is insecure" without realizing the garbage spooling out of your mouth.
>
> you're wasting my time.
> btw.. just so that you know, i have been on openbsd's development
> team, written the opengl kit for the openbeos OS project (now Haiku),
> and am an official GNU maintainer:
> http://www.gnu.org/people/people.html (search for my name) ... what
> you should be doing is thinking about how contributing to the
> opensource community and not being a bitch."
>
>
>
> PROOF OF CONCEPT
> ================
> 1. browse to the default install directory
>
> 2. create a new form with the "file upload" function
>
> 3. complete the form using "Insert data to MySQL database table? = no"
>
> 4. as directed, browse to "http://[host]/[appdir]/[newform_name]/form1.html"
>
> 5. upload a phpshell-type script
>
> 6. if you supplied an email address, the link will be sent to you:
>    http://[host]/[appdir]/[newform_name]/files/thescript_name_generated.php
>
>
> CREDITS
> =======
> This vulnerability was discovered and researched by Donnie Werner of 
> exploitlabs
>
> Donnie Werner
> Information Security Specialist
> wood@...loitlabs.com
> morning_wood@...e-h.org
>
> -- 
> web: http://exploitlabs.com
>
> http://exploitlabs.com/files/advisories/EXPL-A-2006-004-phpformgen.txt
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
