Remote Code Execution Vulnerability

Please report bugs here!

Moderator: Thorsten

Post Reply
EgiX
Posts: 1
Joined: Mon Oct 24, 2011 4:40 pm

Remote Code Execution Vulnerability

Post by EgiX »

Hi,
I've found a vulnerability that afflict the Ajax File Manager plugin. The vulnerable code is located in /admin/editor/plugins/ajaxfilemanager/ajax_create_folder.php

Code: Select all

	@ob_start();
	displayArray($_POST);
	writeInfo(@ob_get_clean());	
The writeInfo() function simply write all the $_POST content into a file called 'data.php' so an attacker could be able to execute arbitrary PHP code.
I suggest to comment out the entire line 13 otherwise you could change 'data.php' with 'data.txt' into /admin/editor/plugins/ajaxfilemanager/inc/function.base.php

Regards,
EgiX
jason102178
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio
Contact:

Re: Remote Code Execution Vulnerability

Post by jason102178 »

Thank you for that information EgiX, I will have Thorsten the Lead Developer take a look into this..

Cheers,

Jason
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: Remote Code Execution Vulnerability

Post by Thorsten »

Hi,

I'll check it.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
jason102178
Posts: 200
Joined: Tue Nov 02, 2010 9:08 am
Location: United States-Ohio
Contact:

Re: Remote Code Execution Vulnerability

Post by jason102178 »

Fixed in 2.7.1 version

also can find fix on github

https://github.com/thorsten/phpMyFAQ/co ... 4456956882
phpMyFAQ Quality Assurance / Forum Moderator
Amazon.com Wishlist
Thorsten
Posts: 15560
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:

Re: Remote Code Execution Vulnerability

Post by Thorsten »

HI,

thanks for your hint, 2.6.19 and 2.7.1 were released a couple of minutes ago. I mentioned your name in the security advisory: http://www.phpmyfaq.de/advisory_2011-10-25.php

Thanks again!

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
MiloMamino
Posts: 1
Joined: Fri Dec 07, 2012 5:11 pm

Re: Remote Code Execution Vulnerability

Post by MiloMamino »

jason102178 wrote:Fixed in 2.7.1 version

also can find fix on github

https://github.com/thorsten/phpMyFAQ/co ... 4456956882
This fix seems to help. I will test it and if I face any issues I will contact you again ;-)
Post Reply