Bug: eAccelerator encoder files backup Vulnerability (WLB-2009070004 Ascii Version)

 Topic: eAccelerator encoder files backup Vulnerability
 Credit: linuxrootkit2008
 Date: 2009.07.03
 CWE: CWE-94
 CVE: CVE-2009-2353


 Risk: Medium
 Local: No
 Remote: Yes

eAccelerator encoder files backup Vulnerability

1. Description
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance
of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely
eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and
increases the speed of your PHP code by 1-10 times.

2. The Vulnerability

eAccelerator has a function in encoder.php which encodes PHP source.
You can back up all system files to a specified directory or specified files. Of course, you can upload an image to the
web server and back it up to the web directory,
so you can ...........
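
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it walks a web document root and reports PHP files that are named encoder.php or that call the encoder. Treating the string `eaccelerator_encode` as a content fingerprint is an assumption of this example, and the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

SCRIPT_NAME = "encoder.php"       # script named in the advisory
MARKER = b"eaccelerator_encode"   # assumed fingerprint for renamed copies


def find_encoder_copies(docroot):
    """Return sorted (relative_path, name_match, calls_encoder) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    # Only the first 1 MiB is inspected; the script is small.
                    has_marker = MARKER in fh.read(1 << 20)
            except OSError:
                continue  # unreadable file, nothing to report
            by_name = name.lower() == SCRIPT_NAME
            if by_name or has_marker:
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append((rel, by_name, has_marker))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed sample docroot (not real eAccelerator files)."""
    samples = {
        "index.php": b"<?php echo 'hello';",
        "tools/encoder.php": b"<?php eaccelerator_encode($argv[1]);",
        "tools/enc_copy.php": b"<?php eaccelerator_encode($f);",  # renamed copy
        "lib/encoder.php": b"<?php class Encoder {}",  # same name, unrelated
        "img/upload.jpg": b"\xff\xd8 not php",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, by_name, has_marker in find_encoder_copies(tmp):
            print(f"{rel}: name_match={by_name} calls_encoder={has_marker}")
```

A hit with both flags set is the file to remove from the document root or block at the web server; a name-only hit is most likely an unrelated script and needs a manual look.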

3. Disclosure Timeline
2009/06/29 Vendor contact.
2009/06/30 Public Disclosure.

4. Thanks
All of the Whitehat Community's friends && great Milw0rm!
2009/06/30 by cnbird

Sorry for my bad English!

References:

http://www.securityfocus.com/archive/1/archive/1/504695/100/0/threaded
