OSVDB ID: 8657 Title: YaPiG add_comment.php Arbitrary Command Execution |
Info |
|
|
Dates |
||||
|
|
Description |
YaPiG contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the add_comment.php script not properly sanitizing user input allowing a remote attacker to upload malicious files to the server with a '.php' extension. When the uploaded script is accessed it will be executed with the same privileges as the webserver. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Available Disclosure: OSVDB Verified OSVDB: Web Related |
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 'add_comment.php', line 105: Replace: $comments_file= $gid_dir . $gid . "_" . $phid; With: $comments_file= $gid_dir . $gid . "_" . intval($phid); 'functions.php', lines 699-700: Replace: $linea=$linea . $data_array['mail'] . $SEPARATOR; $linea=$linea . $data_array['web'] . $SEPARATOR; With: $linea=$linea . htmlspecialchars($data_array['mail']) . $SEPARATOR; $linea=$linea . htmlspecialchars($data_array['web']) . $SEPARATOR; |
Products |
|
References |
|
Credit |
|
hotmail.com -