"Unix Manual" PHP script allows arbitrary code execution

"Unix Manual" is a PHP script by "Marcus S. xenakis" which lets users view Unix man pages through a browser. As a user, all you have to do is visit a page that uses this script, enter the name of a Unix command in a text box and click "Submit"; the page reloads and shows you the requested man page.

Vulnerable Versions:
I did not check very many of them yet (if several versions exist), but every version I found was vulnerable to this bug.

Bug:
The script appears to pass the submitted command name straight to the shell without filtering shell metacharacters such as ";" (and, by the same logic, "|", "&", backticks and "$(...)"). Anything placed after a ";" is therefore executed as a separate shell command.

Example:
- Go to a page using this script (for example: http://www.newbiehacker.uk.co/manual.php).
- Enter in the text box: "; ls -l" (without the quotation marks).

Result:
"Unix Manual" shows you the contents of the directory in which the script is located.

Impact:
By using this bug an attacker can execute any Unix command with the privileges of the HTTP daemon (the user the web server runs as).

This information is brought to you by the www.IT-Checkpoint.net team.

-------------------------------------------------------
BlueScreen / Florian Hobelsberger (UIN: 101782087)
Member of:
www.IT-Checkpoint.net
www.Hackeinsteiger.de
www.NGSecurity.de
www.DvLdW.de.vu

For questions about data security, please contact:
www.Hackeinsteiger-Board.de
www.Securitypoint-board.de.vu
-----------------------
DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
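The following PHP is an added illustration of the bug class described above and is not the "Unix Manual" script itself (its source is not reproduced in this advisory, and the function and variable names below are assumptions). The "vulnerable" function reconstructs the pattern the advisory describes, user input concatenated into a shell command line, and the "hardened" function shows the fix a practitioner would apply: reject anything that is not a plausible man page name, quote the argument with escapeshellarg(), and terminate option parsing with "--". The sample inputs are constructed for the demonstration.

```php
<?php
// Added example, not the original "Unix Manual" script. The vulnerable
// function is a hypothetical reconstruction of the pattern the advisory
// describes; the real script's source and variable names are unknown.

// VULNERABLE (reconstructed pattern): the submitted name is interpolated
// straight into the shell command line. A ";" ends the man invocation and
// whatever follows runs as its own command with the web server's privileges.
function man_command_vulnerable(string $name): string
{
    return "man $name";
}

// HARDENED: accept only characters a man page name can contain, refuse a
// leading "-" so the input can never be parsed as an option, quote the
// argument with escapeshellarg(), and put "--" in front so man stops
// option processing. Returns null when the input is rejected.
function man_command_hardened(string $name): ?string
{
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.+-]{0,63}$/', $name)) {
        return null; // reject rather than trying to "clean" the input
    }
    return 'man -- ' . escapeshellarg($name);
}

// Constructed sample inputs: a normal request, the injection from the
// advisory, a command substitution, an option-injection attempt, and a
// legitimate name containing "+" that the whitelist must still allow.
$samples = ['ls', '; ls -l', '$(id)', '-l /etc/passwd', 'g++'];

foreach ($samples as $input) {
    $hardened = man_command_hardened($input);
    printf("input:      %s\n", var_export($input, true));
    printf("vulnerable: %s\n", man_command_vulnerable($input));
    printf("hardened:   %s\n\n", $hardened ?? 'REJECTED');
}
```

Run with `php example.php`; in a real handler the hardened command string would then be passed to passthru() or a similar call, and a null result would produce an error page. Note that escapeshellarg() on its own only stops shell injection: an input beginning with "-" would still reach man as an option, which is why the whitelist and the "--" are both kept.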