Bug #4692 :: Remote Code Exection In XML RPC Server

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.5.2

Bug #4692	Remote Code Exection In XML RPC Server
Submitted:	2005-06-27 18:20 UTC	Modified:	2006-12-24 15:02 UTC
From:	security at gulftech dot org	Assigned:	danielc
Status:	Closed	Package:	XML_RPC
PHP Version:	4.3.11	OS:	Any
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

[2005-06-27 18:20 UTC] security at gulftech dot org

Description:
------------
I am intentionally being vague here as this issue is so dangerous and affects many applications. For details please contact me at security a|t gulftech d|o|t org

Reproduce code:
---------------
Contact Me For Exploit Code

Expected result:
----------------
xmlrpc.pl http://pathtoxmlrpc/server "id;pwd;uname -a;uptime"
[*] Sending command id;pwd;uname -a;uptime
[*] Command sent, waiting for response
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/var/www/drupal
Linux cacophony 2.4.18-bf2.4  Apr 14 09:53:28 CEST 2002 i686 GNU/Linux
23:27:22 up 5 days,  9:05,  0 users,  load average: 0.12, 0.16, 0.21

Comments

[2005-07-02 08:21 UTC] danielc

Does the new release, 1.3.1, solve the issue for you?

[2005-07-02 09:11 UTC] security at gulftech dot org

So far so good :)

Regards,

James

Explanation
Success
Failure
Roadmap version already released