Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SimplePHPBlog Arbitrary File Deletion and Sample Exploit

from ['ken'@FTU] Network Security [Permanent Link]
Subject: SimplePHPBlog Arbitrary File Deletion and Sample Exploit
Date: Mon, 29 Aug 2005 07:42:23 -0400 
SimplePHPBlog has a vulnerability in its comment_delete_cgi.php.

The PHP script allows for the arbitrary deletion of files.

Please see following link for a perl script to demonstrate the exploit:
http://www.ftusecurity.com/pub/sphpblog_vulns
(Please add .pl extension as my ISP server preprocesses the file if it is .pl or txt.)


This vulnerability, in combination with the fact that the installation
scripts are left on the server after installation, allows an arbitrary
user to reset the admin password to one of the attacker's choosing.

The script demonstrates the ability to delete files, reset the admin
password to the attacker's choosing and upload files (including a
command prompt).

The exploit is for educational purposes only.

To prevent this exploit change the line in comment_delete_cgi.php
from $logged_in = logged_in( false, true );
to $logged_in = logged_in( true, true );

Sincerely,
'ken'@FTU
Kenneth F. Belva, CISSP
http://www.ftusecurity.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU <=
Previous by Date:  Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities, h4cky0u . org
Next by Date:  Re: unload event in ie/mozilla/opera, gegegz
Previous by Thread:  Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities, h4cky0u . org
Next by Thread:  Vulnerability in Helpdesk software Hesk 0.92, s2b
Indexes:  [Date] [Thread] [Top] [All Lists]