|PhpLinks has an email_confirmation file located in the /include/ directory which is used to
notify the users that they have signed up correctly. An exploit has been discovered in the
file email_confirmation.php which works as following: An attacker may call this file directly
(when it should really be included) and hijack the variables in such way that he/she may abuse
the mail() function. By using the example bellow, any person can use the server's smtp service.
without permission.
http:/victim.com/phplinks/include/email_confirmation.php?UserName=anyone
&Email=target (at) mail (dot) com [email concealed]&
site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=I_
Own_j0u (at) victim (dot) com [email concealed]
Side-note: An attacker may also use this file for XSS attack on the server.
Please check the vendor's website for new patches.
As a temporary solution, create a .htaccess file that contains 'Deny from all'.
Place it in the /include/ directory and that should block remote users from accessing it.
- Mindwarper
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
phpLinks mail() abuse Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com [email concealed] :: )
<------- ------->
----------------------
Vendor Information:
----------------------
Homepage : http://www.destiney.com
Vendor : Could not be informed (Host not found)
Mailed advisory: 09/01/20
Vender Response : None
----------------------
Affected Versions:
----------------------
All 2.X versions
----------------------
Vulnerability:
----------------------
|PhpLinks has an email_confirmation file located in the /include/ directory which is used to
notify the users that they have signed up correctly. An exploit has been discovered in the
file email_confirmation.php which works as following: An attacker may call this file directly
(when it should really be included) and hijack the variables in such way that he/she may abuse
the mail() function. By using the example bellow, any person can use the server's smtp service.
without permission.
http:/victim.com/phplinks/include/email_confirmation.php?UserName=anyone
&Email=target (at) mail (dot) com [email concealed]&
site_title=test_&email_confirmation_2=Hello&owner_name=bu&owner_email=I_
Own_j0u (at) victim (dot) com [email concealed]
Side-note: An attacker may also use this file for XSS attack on the server.
----------------------
Solution:
----------------------
Please check the vendor's website for new patches.
As a temporary solution, create a .htaccess file that contains 'Deny from all'.
Place it in the /include/ directory and that should block remote users from accessing it.
- Mindwarper
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
[ reply ]