Jump to content
ionut97

Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes

Recommended Posts

Posted

Un-Patched+PHP-CGI+remote+code+execution+bug+can+expose+Source+Codes.png

A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec.

According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the “-s” switch “show source” to PHP via the query string. For example, You could see the source via “http://localhost/test.php?-s” . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

The team that found the bug, known as Eindbazen. They said that it had been waiting for several months for the PHP Group to release a patch for the vulnerability in order to publish information about the bug.

What this vulnerability can do ? It can help attacker to find out database passwords, file locations etc and Execute any file on the server’s local disk. Most important , using some trick if you have the possibility to upload a file to the server, execute any code.

So, When PHP is used in a CGI-based setup the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

Source:

Un-Patched PHP-CGI remote code execution vulnerability can expose Source Codes | The Hacker News

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...