lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 30 22:32:49 2006 From: pingywon at hotmail.com (pingywon) Subject: phpFormGenerator "btw.. just so that you know, i have been on openbsd's development > team, written the opengl kit for the openbeos OS project (now Haiku), > and am an official GNU maintainer: > http://www.gnu.org/people/people.html (search for my name) ... what > you should be doing is thinking about how contributing to the > opensource community and not being a bitch."" ...just so you KNOW see how popular he is...there cant be any flaws in his software.....hes popular ~pingywon MCSE www.pingywon.com www.illmob.org www.freeillwill.com ----- Original Message ----- From: "Morning Wood" <se_cur_ity@...mail.com> To: <full-disclosure@...ts.grok.org.uk> Sent: Friday, June 30, 2006 5:11 PM Subject: [Full-disclosure] phpFormGenerator > - EXPL-A-2006-004 exploitlabs.com Advisory 049 - > - phpFormGenerator - > > > > > AFFECTED PRODUCTS > ================= > phpFormGenerator < v2.09 > http://phpformgen.sourceforge.net/ > > > OVERVIEW > ======== > phpFormGenerator is an easy-to-use tool to create reliable and efficient > web forms in a snap. No programming of any sort is required. Just follow > along the phpFormGenerator wizard and at the end, you will have a fully > functional web form! > > note: > as stated by the vendor this script is widely used with cPanel > and other hosting provider solutions. > > > > DETAILS > ======= > phpFormGenerator by default installs all directories > as chmod 777 and will not function if they are not set as such. > > in the readme: > "3. Set read+write+execute file permissions on the 'forms' > directory and *everything* inside it (including all subdirectories and > files) > > UNIX: > chmod -R 777 forms" > > in process2.php: > "please make sure that the forms directory (and everything in it) > has read+write access. you can achieve this by issuing the following > command on linux/unix: > chmod -R 777 forms" > > > researcher note: > when the applications directories are not set 777 the app errors with: > > > "File and Directory permissions The forms directory is not writeable. > The forms/admin directory is not writeable. > The use directory is not writeable. > Please give read+write permissions to all the files > and directories mentioned above. Refresh this page > after you have done so." > > > SOLUTION > ======== > vendor contact: > Musawir Ali" musawir@...il.com June 30, 2006 > > patch: none ( see vendor response ) > > > VENDOR RESPONSE > =============== > "there are no security flaws ... if you had taken a moment to think, > you would realize that a a major software company such as cPanel would > not be shipping phpFormGenerator with their scripts if it had flaws. > In any case, the program has been thoroughly tested by myself and > other security experts and is not known to have any issues. > > 777 is never forced, the suggested method is to give write permissions > to the group the process belongs to. > upload function is "insecure". arbitrary php functions are insecure... > could you be any more vague? You seem to be one of those ignorant > nuts who shout slogans like "windows sucks" "linux owns" "your server > is insecure" without realizing the garbage spooling out of your mouth. > > you're wasting my time. > btw.. just so that you know, i have been on openbsd's development > team, written the opengl kit for the openbeos OS project (now Haiku), > and am an official GNU maintainer: > http://www.gnu.org/people/people.html (search for my name) ... what > you should be doing is thinking about how contributing to the > opensource community and not being a bitch." > > > > PROOF OF CONCEPT > ================ > 1.browse to the default install directory > > 2.create new form with the "file upload" function > > 3.complete the form using "Insert data to MySQL database table? = no" > > 4.as directed browse to "http://[host]/[appdir]/[newform_name]/form1.html" > > 5.upload phpshell type of script > > 6.if you supplied an email address, the link will be sent to you > http://[host]/[appdir]/[newform_name]/files/thescript_name_generated.php > > > CREDITS > ======= > This vulnerability was discovered and researched by Donnie Werner of > exploitlabs > > Donnie Werner > Information Security Specialist > wood@...loitlabs.com > morning_wood@...e-h.org > > -- > web: http://exploitlabs.com > > http://exploitlabs.com/files/advisories/EXPL-A-2006-004-phpformgen.txt > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists