Remote Code Execution Vulnerability

Please report bugs here!

Moderators: jason102178, Florian, Thorsten, JochenS

Remote Code Execution Vulnerability

Postby EgiX » Mon Oct 24, 2011 5:25 pm

Hi,
I've found a vulnerability that afflict the Ajax File Manager plugin. The vulnerable code is located in /admin/editor/plugins/ajaxfilemanager/ajax_create_folder.php

Code: Select all
   @ob_start();
   displayArray($_POST);
   writeInfo(@ob_get_clean());   

The writeInfo() function simply write all the $_POST content into a file called 'data.php' so an attacker could be able to execute arbitrary PHP code.
I suggest to comment out the entire line 13 otherwise you could change 'data.php' with 'data.txt' into /admin/editor/plugins/ajaxfilemanager/inc/function.base.php

Regards,
EgiX
EgiX
 
Posts: 1
Joined: Mon Oct 24, 2011 4:40 pm

Re: Remote Code Execution Vulnerability

Postby jason102178 » Tue Oct 25, 2011 3:27 am

Thank you for that information EgiX, I will have Thorsten the Lead Developer take a look into this..

Cheers,

Jason
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
jason102178
 
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio

Re: Remote Code Execution Vulnerability

Postby Thorsten » Tue Oct 25, 2011 9:17 am

Hi,

I'll check it.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Thorsten
 
Posts: 12968
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Remote Code Execution Vulnerability

Postby jason102178 » Tue Oct 25, 2011 7:11 pm

phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
jason102178
 
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio

Re: Remote Code Execution Vulnerability

Postby Thorsten » Tue Oct 25, 2011 7:46 pm

HI,

thanks for your hint, 2.6.19 and 2.7.1 were released a couple of minutes ago. I mentioned your name in the security advisory: http://www.phpmyfaq.de/advisory_2011-10-25.php

Thanks again!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Thorsten
 
Posts: 12968
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Remote Code Execution Vulnerability

Postby MiloMamino » Fri Dec 07, 2012 5:14 pm

jason102178 wrote:Fixed in 2.7.1 version

also can find fix on github

https://github.com/thorsten/phpMyFAQ/commit/ed5a2ebd02040110f7d6ad6bd554584456956882

This fix seems to help. I will test it and if I face any issues I will contact you again ;-)
MiloMamino
 
Posts: 1
Joined: Fri Dec 07, 2012 5:11 pm


Return to Bug reports

Who is online

Users browsing this forum: No registered users and 4 guests