Message-ID: <011601c69eee$dd60c6f0$345fa8c0@pitgroup.local>
Date: Mon Jul 3 23:21:58 2006
From: massimo at grandmedia.si (...)
Subject: phpFormGenerator
so now we know where to look for new faults ;-)
----- Original Message -----
From: "pingywon" <pingywon@...mail.com>
To: "Morning Wood" <se_cur_ity@...mail.com>;
<full-disclosure@...ts.grok.org.uk>
Sent: Friday, June 30, 2006 11:32 PM
Subject: Re: [Full-disclosure] phpFormGenerator
> "btw.. just so that you know, i have been on openbsd's development
>> team, written the opengl kit for the openbeos OS project (now Haiku),
>> and am an official GNU maintainer:
>> http://www.gnu.org/people/people.html (search for my name) ... what
>> you should be doing is thinking about how contributing to the
>> opensource community and not being a bitch.""
>
>
> ...just so you KNOW
>
> see how popular he is...there can't be any flaws in his software.....he's
> popular
>
> ~pingywon MCSE
> www.pingywon.com
> www.illmob.org
> www.freeillwill.com
>
>
>
>
> ----- Original Message -----
> From: "Morning Wood" <se_cur_ity@...mail.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Friday, June 30, 2006 5:11 PM
> Subject: [Full-disclosure] phpFormGenerator
>
>
>> - EXPL-A-2006-004 exploitlabs.com Advisory 049 -
>> - phpFormGenerator -
>>
>>
>>
>>
>> AFFECTED PRODUCTS
>> =================
>> phpFormGenerator < v2.09
>> http://phpformgen.sourceforge.net/
>>
>>
>> OVERVIEW
>> ========
>> phpFormGenerator is an easy-to-use tool to create reliable and efficient
>> web forms in a snap. No programming of any sort is required. Just follow
>> along the phpFormGenerator wizard and at the end, you will have a fully
>> functional web form!
>>
>> note:
>> as stated by the vendor this script is widely used with cPanel
>> and other hosting provider solutions.
>>
>>
>>
>> DETAILS
>> =======
>> phpFormGenerator by default installs all directories
>> as chmod 777 and will not function if they are not set as such.
>>
>> in the readme:
>> "3. Set read+write+execute file permissions on the 'forms'
>> directory and *everything* inside it (including all subdirectories and
>> files)
>>
>> UNIX:
>> chmod -R 777 forms"
>>
>> in process2.php:
>> "please make sure that the forms directory (and everything in it)
>> has read+write access. you can achieve this by issuing the following
>> command on linux/unix:
>> chmod -R 777 forms"
>>
>>
>> researcher note:
>> when the application's directories are not set 777 the app errors with:
>>
>>
>> "File and Directory permissions The forms directory is not writeable.
>> The forms/admin directory is not writeable.
>> The use directory is not writeable.
>> Please give read+write permissions to all the files
>> and directories mentioned above. Refresh this page
>> after you have done so."
>>
>>
>> SOLUTION
>> ========
>> vendor contact:
>> Musawir Ali musawir@...il.com June 30, 2006
>>
>> patch: none ( see vendor response )
>>
>>
>> VENDOR RESPONSE
>> ===============
>> "there are no security flaws ... if you had taken a moment to think,
>> you would realize that a major software company such as cPanel would
>> not be shipping phpFormGenerator with their scripts if it had flaws.
>> In any case, the program has been thoroughly tested by myself and
>> other security experts and is not known to have any issues.
>>
>> 777 is never forced, the suggested method is to give write permissions
>> to the group the process belongs to.
>> upload function is "insecure". arbitrary php functions are insecure...
>> could you be any more vague? You seem to be one of those ignorant
>> nuts who shout slogans like "windows sucks" "linux owns" "your server
>> is insecure" without realizing the garbage spooling out of your mouth.
>>
>> you're wasting my time.
>> btw.. just so that you know, i have been on openbsd's development
>> team, written the opengl kit for the openbeos OS project (now Haiku),
>> and am an official GNU maintainer:
>> http://www.gnu.org/people/people.html (search for my name) ... what
>> you should be doing is thinking about how contributing to the
>> opensource community and not being a bitch."
>>
>>
>>
>> PROOF OF CONCEPT
>> ================
>> 1.browse to the default install directory
>>
>> 2.create new form with the "file upload" function
>>
>> 3.complete the form using "Insert data to MySQL database table? = no"
>>
>> 4.as directed browse to
>> "http://[host]/[appdir]/[newform_name]/form1.html"
>>
>> 5.upload phpshell type of script
>>
>> 6.if you supplied an email address, the link will be sent to you
>>
>> http://[host]/[appdir]/[newform_name]/files/thescript_name_generated.php
>>
>>
>> CREDITS
>> =======
>> This vulnerability was discovered and researched by Donnie Werner of
>> exploitlabs
>>
>> Donnie Werner
>> Information Security Specialist
>> wood@...loitlabs.com
>> morning_wood@...e-h.org
>>
>> --
>> web: http://exploitlabs.com
>>
>> http://exploitlabs.com/files/advisories/EXPL-A-2006-004-phpformgen.txt
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
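
Added example, not part of the original posts or the advisory: a shell audit an administrator could run over an install tree to flag the two conditions the advisory combines, world-writable paths and script files sitting in a form's files/ upload directory. The function names, the sample tree and the list of extensions treated as PHP-interpretable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a web-form tree for the two conditions the advisory
# combines. All paths below are constructed sample data.

# Print "WORLD_WRITABLE <path>" for every file or directory with o+w set
# (what "chmod -R 777 forms" produces).
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort |
        sed 's/^/WORLD_WRITABLE /'
}

# Print "SCRIPT_IN_UPLOADS <path>" for PHP-interpretable files stored under
# any upload directory named "files", the path shape given in the advisory.
find_uploaded_scripts() {
    find "$1" -type f -path '*/files/*' \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
           -o -iname '*.phar' \) -print | sort |
        sed 's/^/SCRIPT_IN_UPLOADS /'
}

audit_forms_tree() {
    find_world_writable "$1"
    find_uploaded_scripts "$1"
}

# Build a constructed sample install and print its root directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/forms/admin" "$root/use/newform/files"
    : > "$root/use/newform/form1.html"
    : > "$root/use/newform/files/report.pdf"
    : > "$root/use/newform/files/upload_1234.php"
    chmod -R 755 "$root"
    chmod -R 777 "$root/forms"   # the permission step quoted from the readme
    printf '%s\n' "$root"
}

# Run "sh audit.sh demo" to see the findings for the sample tree.
if [ "${1:-}" = "demo" ]; then
    t=$(make_sample_tree)
    audit_forms_tree "$t"
    rm -rf "$t"
fi
```

Which extensions the web server actually hands to PHP depends on its handler configuration, so the extension list should be matched to the server being audited.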