Monday, 7 May 2012

Un-Patched PHP-CGI remote code execution bug can expose Source Codes

crackthesecurity | 02:06 |

A serious remote code execution vulnerability in PHP-CGI has been disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from PHP files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, but the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec.


According to the advisory (CVE-2012-1823), PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments, like the “-s” (“show source”) switch, to PHP via the query string. For example, you could see the source via “http://localhost/test.php?-s”. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition, or may be able to execute arbitrary code with the privileges of the web server.

The team that found the bug, known as Eindbazen, said that it had been waiting for several months for the PHP Group to release a patch for the vulnerability in order to publish information about the bug.

What can this vulnerability do? It can help an attacker find out database passwords, file locations, etc., and execute any file on the server’s local disk. Most importantly, using some trick, an attacker who has the possibility to upload a file to the server can execute any code.

So, when PHP is used in a CGI-based setup, php-cgi receives a processed query string parameter as command-line arguments, which allows command-line switches such as -s, -d or -c to be passed to the php-cgi binary. This can be exploited to disclose source code and obtain arbitrary code execution.
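
For defenders, the condition described above can be checked in web server access logs. The following is an added example, not code from the original post or from the PHP project: it flags requests whose query string would be turned into php-cgi command-line arguments (per RFC 3875 section 4.4, a query string with no unencoded "=") and that contain an argument starting with "-". The log lines, function names and log format are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [07/May/2012:02:06:00 +0000] "GET /test.php?-s HTTP/1.1" 200 512 "-" "-"
192.0.2.11 - - [07/May/2012:02:06:05 +0000] "GET /test.php?id=5 HTTP/1.1" 200 900 "-" "-"
192.0.2.12 - - [07/May/2012:02:06:09 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 512 "-" "-"
192.0.2.13 - - [07/May/2012:02:06:12 +0000] "GET /search.php?q=-s HTTP/1.1" 200 700 "-" "-"
192.0.2.14 - - [07/May/2012:02:06:20 +0000] "GET /page.php?print HTTP/1.1" 200 300 "-" "-"
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')


def is_switch_query(query):
    """True if a CGI server would hand this query string to php-cgi as argv
    and at least one resulting argument looks like a command-line switch."""
    # RFC 3875 section 4.4: only a query string with no unencoded "=" is
    # split on "+" and passed as command-line arguments.
    if not query or "=" in query:
        return False
    # Arguments are URL-decoded, so "%2Ds" and "-s" are equivalent.
    args = [unquote(part) for part in query.split("+")]
    return any(arg.lstrip().startswith("-") for arg in args)


def find_suspect_requests(log_text):
    """Return (client, request_target) for every log line worth reviewing."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        _, _, query = target.partition("?")
        if is_switch_query(query):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in find_suspect_requests(SAMPLE_LOG):
        print(f"review: {client} requested {target}")
```

Requests such as `?q=-s` are not flagged because the unencoded "=" means the server does not pass the query string as arguments.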

