Re: PHPCentral Poll Script Remote Command Execution Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHPCentral Poll Script Remote Command Execution Vulnerability
From: Eren Türkay <turkay.eren@xxxxxxxxx>
Date: Tue, 21 Aug 2007 00:11:57 +0300
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=rkxCR6oLZdp3Sbd65TvvYnRstj9iphT0AQn1QU5IOQliQ+mwg9VdxE5sbyQHg9d6QCvzmg6fkbZY/ghnsbbJ/z28clKS3U4qGXq6anBfp5SSc3TBK0NOB1K/8UQO12LiZRZMUO7iPnxL7d2Dy/Xwf23e7J3Yhlqbwr3+RSnfywg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=XGOLLeKW9uGQDQxhJGmUj/FfIzCbx5Lbh+ljcdSw+7uORnMTGNyaf1zRaozm6h67bYitCGqSB0QwuhUR5kMElhRBGukSonGhLCukepp5tdhZf3vfX2z12Xy/rsx86ISL9iu7R/Lptg7eoC2aUzlZN08Id/dvXKHTZdkrZP7PJvo=
In-reply-to: <20070820201022.1327.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070820201022.1327.qmail@xxxxxxxxxxxxxxxxx>
User-agent: KMail/1.9.7

On Monday 20 August 2007 23:10:22 Coopercentral@xxxxxxxxx wrote:
> HI:
>
> I am the creator of this poll script, and would like to do whatever
> possible to make this NOT vulnerable.  Thanks for finding this, and hope I
> can help.

I guess, if "register_globals" option is off (it's off by default since php4), 
this exploit will fail and not work..

Please make sure that you disabled "register_globals" option in your php.ini 
who uses this script and who uses php.

References:
- Re: PHPCentral Poll Script Remote Command Execution Vulnerability
  - From: Coopercentral

Prev by Date: Re: Re: Safari for windows remote arbitry file upload
Next by Date: SIEMENS Gigaset SE361 router XSS
Previous by thread: Re: PHPCentral Poll Script Remote Command Execution Vulnerability
Next by thread: Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability
Index(es):
- Date
- Thread