[*] VULNERABILITY REPORT
General Information:
- Reporter's Name: Gh05t666nero
- Report Date: 06/10/2023
- Testing Methodology: Source Code Review
Vulnerability Overview:
- Vulnerability Name: nikic/php-parser OS Command Injection
- Brief Description: The `execCmd` function allows the execution of arbitrary shell commands, posing a security risk.
- Vulnerability Location: https://github.com/nikic/PHP-Parser/blob/master/grammar/rebuildParsers.php
Reproduction Steps:
1. Clone the repository from GitHub: https://github.com/nikic/PHP-Parser.
2. Enter the grammar/ directory, which contains rebuildParsers.php.
3. Run the following command in the shell to call the `execCmd` function directly and test it for the vulnerability:
root@vm-apps:/var/www/vtt-admin/vendor/nikic/php-parser/grammar# php -r "include 'rebuildParsers.php'; execCmd('uname -a');"
Impact of the Vulnerability:
- Potential Loss: Unauthorized access to the system or sensitive information, data destruction, or even takeover of system control by unauthorized parties.
- Risk Classification: [High] - The high-risk classification is due to the unrestricted ability to execute arbitrary shell commands, which can be exploited for malicious activities such as deleting or altering data, running system commands, and accessing confidential information. This vulnerability has a serious impact on the security and integrity of the system.
Technical Details:
- Affected Technology: PHP
- Software Version: 4.17.1 (Latest)
Supporting Evidence:
https://i.ibb.co/hRVqfwr/image.png
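
The pattern described under Brief Description, as an added example (not code from this report or from PHP-Parser): a helper that passes a command string to the shell, beside a replacement that takes an argument vector and never invokes a shell. The function names, the allowlist, the CLI guard and the sample value are assumptions; it needs PHP 7.4 or later on a POSIX system with /bin/echo.

```php
<?php
declare(strict_types=1);

// Assumed shape of a shell-string helper such as the execCmd() the report
// describes (illustrative; not copied from rebuildParsers.php).
function execCmdShellString(string $cmd): string
{
    // The whole string is handed to the shell, so ; | && and $() are parsed.
    return trim((string) shell_exec("$cmd 2>&1"));
}

// Hardened form (hypothetical name): argument vector, allowlisted absolute
// path, no shell. Array commands need PHP >= 7.4.
function runTool(array $argv, array $allowedBinaries): string
{
    if ($argv === [] || !in_array($argv[0], $allowedBinaries, true)) {
        throw new InvalidArgumentException('executable is not on the allowlist');
    }
    foreach ($argv as $arg) {
        if (!is_string($arg) || strpos($arg, "\0") !== false) {
            throw new InvalidArgumentException('arguments must be NUL-free strings');
        }
    }
    // stderr is merged into stdout, mirroring the 2>&1 of the shell version.
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $argv[0]);
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("{$argv[0]} exited with status $status");
    }
    return trim((string) $output);
}

// Build scripts have no reason to run under a web SAPI.
if (PHP_SAPI !== 'cli') {
    http_response_code(404);
    exit;
}

// Constructed sample value containing a shell metacharacter.
$value = 'marker; echo INJECTED';
echo execCmdShellString('echo ' . $value), "\n"; // the shell treats it as two commands
echo runTool(['/bin/echo', $value], ['/bin/echo']), "\n"; // passed as one literal argument
```

Either form only matters when the command or its arguments can be influenced by someone who cannot already run commands on the host, so a review should first establish which callers reach the helper and where their input comes from.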