nikic/php-parser - OS Command Injection

2023.10.08
Credit: Gh05t666nero
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] VULNERABILITY REPORT

General Information:
- Reporter's Name: Gh05t666nero
- Report Date: 06/10/2023
- Testing Methodology: Source Code Review

Vulnerability Overview:
- Vulnerability Name: nikic/php-parser OS Command Injection
- Brief Description: The `execCmd` function in the code allows for the execution of arbitrary shell commands, posing a security risk.
- Vulnerability Location: https://github.com/nikic/PHP-Parser/blob/master/grammar/rebuildParsers.php

Reproduction Steps:
1. Clone the repository from GitHub: https://github.com/nikic/PHP-Parser
2. Enter the directory /grammar/rebuildParsers.php.
3. Run the following command in the shell to jump straight through the code and test the execCmd function for vulnerability:

   root@vm-apps:/var/www/vtt-admin/vendor/nikic/php-parser/grammar# php -r "include 'rebuildParsers.php'; execCmd('uname -a');"

Impact of the Vulnerability:
- Potential Loss: The potential loss could involve unauthorized access to the system or sensitive information, data destruction, or even the takeover of system control by unauthorized parties.
- Risk Classification: [High] - The high-risk classification is due to the unrestricted ability to execute arbitrary shell commands, which can be exploited for malicious activities such as deleting or altering data, running system commands, and accessing confidential information. The existence of this vulnerability poses a serious impact on the security and integrity of the system.

Technical Details:
- Affected Technology: PHP
- Software Version: 4.17.1 (Latest)

Supporting Evidence: https://i.ibb.co/hRVqfwr/image.png
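Added example, not code from PHP-Parser or from the report: a hypothetical stand-in for the string-to-shell pattern the report describes, next to a hardened wrapper for the same job. The names execCmdUnsafe, runTool and ALLOWED_TOOLS and the allowlist contents are assumptions; it assumes a POSIX host and PHP 7.4 or later (array form of proc_open).

```php
<?php
declare(strict_types=1);

// Added example; not PHP-Parser code. All names below are hypothetical.
const ALLOWED_TOOLS = ['uname', 'php']; // constructed allowlist

// Stand-in for the pattern the report describes: one caller-supplied
// string is interpreted by /bin/sh, so ;, |, && and $() are honoured.
function execCmdUnsafe(string $cmd): string
{
    return trim((string) shell_exec("$cmd 2>&1"));
}

// Hardened variant: CLI-only, allowlisted binary, argv passed as an array
// so PHP (7.4+) starts the process directly and no shell parses it.
function runTool(string $tool, array $args = []): string
{
    if (PHP_SAPI !== 'cli') {
        throw new RuntimeException('build helper may only run from the CLI');
    }
    if (!in_array($tool, ALLOWED_TOOLS, true)) {
        throw new InvalidArgumentException("tool not allowed: $tool");
    }
    $command = array_merge([$tool], array_map('strval', array_values($args)));
    // stdout is captured; stderr is merged into it to avoid a pipe deadlock.
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($command, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException("failed to start $tool");
    }
    $output = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("$tool exited with $status: " . trim($output));
    }
    return trim($output);
}

// Demo: an allowlisted tool runs; a request for a shell is refused.
echo runTool('uname', ['-s']), "\n";
try {
    runTool('sh', ['-c', 'uname -a']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```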

