S-126: Members Area System 'view_func.php' Vulnerability

Tags

php, security, system, view

Special Forums Cybersecurity Security Advisories (RSS) S-126: Members Area System 'view_func.php' Vulnerability

01-22-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

S-126: Members Area System 'view_func.php' Vulnerability

Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Cybersecurity

Web Hack Attempt from whois 209.126.68.6

Anyone care to take a stab at decoding this hack attempt on a web server. From the error logs: $ cat error.log (36)File name too long: AH00036: access to...

2. Shell Programming and Scripting

SFTP return Error Code 126

Hi, We are getting the following error code while connection remote server using sftp command. sftp user@serrver Warning: child process (/opt/ssh2/bin/ssh2) exited with code 126. pls Advise.

3. UNIX for Advanced & Expert Users

Exit Status 126 - how to get rid of it

Hi All, I have a small application hosted on apache-tomcat 5. Basically its a html page which in turn calls a perl script residing on unix server. Through this perl script i am calling a shell script using system command , like system('scriptname.sh',arg1,arg2,arg3); Now in the script...

4. AIX

ar: 0707-126

Trying to build code on IBM_AIX 5.3. Following error occured during build. ar: 0707-126 $projdir/obj/ibm/5.3/NewApp/NewApp.o is not valid with the current object file mode. Use the -X option to specify the desired object mode. ANy help is appreciated to resolve the error.

LEARN ABOUT PHP

classkit_import

CLASSKIT_IMPORT(3)							 1							CLASSKIT_IMPORT(3)

classkit_import - Import new class method definitions from a file

SYNOPSIS

       array classkit_import (string  $filename)

DESCRIPTION

       Note

	      This function cannot be used to manipulate the currently running (or chained) method.

       Warning

	      This  function is EXPERIMENTAL. The behaviour of this function, its name, and surrounding documentation may change without notice in
	      a future release of PHP. This function should be used at your own risk.

PARAMETERS

	      o $filename
		- The filename of the class method definitions to import

RETURN VALUES

	Associative array of imported methods

EXAMPLES

       Example #1

	      classkit_import(3) example

	      <?php
	      // file: newclass.php
	      class Example {
		  function foo() {
		      return "bar!
";
		  }
	      }
	      ?>

	      <?php
	      // requires newclass.php (see above)
	      class Example {
		  function foo() {
		      return "foo!
";
		  }
	      }

	      $e = new Example();

	      // output original
	      echo $e->foo();

	      // import replacement method
	      classkit_import('newclass.php');

	      // output imported
	      echo $e->foo();

	      ?>

	      The above example will output:

	      foo!
	      bar!

SEE ALSO

       classkit_method_add(3), classkit_method_copy(3).

PHP Documentation Group 													CLASSKIT_IMPORT(3)

Security Advisories (RSS)