phpLinks mail() abuse Vulnerability ( By Mindwarper :: mindwarperat_private :: ) <------- -------> ---------------------- Vendor Information: ---------------------- Homepage : http://www.destiney.com Vendor : Could not be informed (Host not found) Mailed advisory: 09/01/20 Vender Response : None ---------------------- Affected Versions: ---------------------- All 2.X versions ---------------------- Vulnerability: ---------------------- |PhpLinks has an email_confirmation file located in the /include/ directory which is used to notify the users that they have signed up correctly. An exploit has been discovered in the file email_confirmation.php which works as following: An attacker may call this file directly (when it should really be included) and hijack the variables in such way that he/she may abuse the mail() function. By using the example bellow, any person can use the server's smtp service. without permission. http:/victim.com/phplinks/include/email_confirmation.php?UserName=anyone&Email=targetat_private& site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=I_Own_j0uat_private Side-note: An attacker may also use this file for XSS attack on the server. ---------------------- Solution: ---------------------- Please check the vendor's website for new patches. As a temporary solution, create a .htaccess file that contains 'Deny from all'. Place it in the /include/ directory and that should block remote users from accessing it. - Mindwarper Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 12:41:55 PST