Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.5
Bug #4692 Remote Code Exection In XML RPC Server
Submitted: 2005-06-27 23:20 UTC
From: security at gulftech dot org Assigned: danielc
Status: Closed Package: XML_RPC
PHP Version: 4.3.11 OS: Any
Roadmaps: (Not assigned)    
Subscription  


 [2005-06-27 23:20 UTC] security at gulftech dot org
Description: ------------ I am intentionally being vague here as this issue is so dangerous and affects many applications. For details please contact me at security a|t gulftech d|o|t org Reproduce code: --------------- Contact Me For Exploit Code Expected result: ---------------- xmlrpc.pl http://pathtoxmlrpc/server "id;pwd;uname -a;uptime" [*] Sending command id;pwd;uname -a;uptime [*] Command sent, waiting for response uid=33(www-data) gid=33(www-data) groups=33(www-data) /var/www/drupal Linux cacophony 2.4.18-bf2.4 Apr 14 09:53:28 CEST 2002 i686 GNU/Linux 23:27:22 up 5 days, 9:05, 0 users, load average: 0.12, 0.16, 0.21

Comments

 [2005-07-02 13:21 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2005-07-02 14:11 UTC] security at gulftech dot org
So far so good :) Regards, James