S-126: Members Area System 'view_func.php' Vulnerability

Tags

php, security, system, view

Special Forums Cybersecurity Security Advisories (RSS) S-126: Members Area System 'view_func.php' Vulnerability

01-22-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

S-126: Members Area System 'view_func.php' Vulnerability

Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. The risk is MEDIUM. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Cybersecurity

Web Hack Attempt from whois 209.126.68.6

Anyone care to take a stab at decoding this hack attempt on a web server. From the error logs: $ cat error.log (36)File name too long: AH00036: access to...

2. Shell Programming and Scripting

SFTP return Error Code 126

Hi, We are getting the following error code while connection remote server using sftp command. sftp user@serrver Warning: child process (/opt/ssh2/bin/ssh2) exited with code 126. pls Advise.

3. UNIX for Advanced & Expert Users

Exit Status 126 - how to get rid of it

Hi All, I have a small application hosted on apache-tomcat 5. Basically its a html page which in turn calls a perl script residing on unix server. Through this perl script i am calling a shell script using system command , like system('scriptname.sh',arg1,arg2,arg3); Now in the script...

4. AIX

ar: 0707-126

Trying to build code on IBM_AIX 5.3. Following error occured during build. ar: 0707-126 $projdir/obj/ibm/5.3/NewApp/NewApp.o is not valid with the current object file mode. Use the -X option to specify the desired object mode. ANy help is appreciated to resolve the error.

LEARN ABOUT LINUX

php-config5

php-config(1)							Scripting Language						     php-config(1)

NAME

       php-config - get information about PHP configuration and compile options

SYNOPSIS

       php-config [options]

DESCRIPTION

       php-config is a simple shell script for obtaining information about installed PHP configuration.

OPTIONS

       --prefix       Directory prefix where PHP is installed, e.g. /usr/local
       --includes     List of -I options with all include files
       --ldflags      LD Flags which PHP was compiled with
       --libs	      Extra libraries which PHP was compiled with
       --extension-dir
		      Directory where extensions are searched by default
       --include-dir  Directory prefix where header files are installed by default
       --php-binary   Full path to php CLI or CGI binary
       --php-sapis    Show all SAPI modules available
       --configure-options
		      Configure options to recreate configuration of current PHP installation
       --version      PHP version
       --vernum       PHP version as integer

       SEE ALSO
	      php(1)

VERSION INFORMATION

       This manpage describes php, version 5.3.6-13ubuntu3.10.

COPYRIGHT

       Copyright (C) 1997-2010 The PHP Group

       This  source  file  is  subject to version 3.01 of the PHP license, that is bundled with this package in the file LICENSE, and is available
       through the world-wide-web at the following url:
       http://www.php.net/license/3_01.txt

       If you did not receive a copy of the PHP license and  are  unable  to  obtain  it  through  the	world-wide-web,  please  send  a  note	to
       license@php.net so we can mail you a copy immediately.

The PHP Group							       2010							     php-config(1)

Security Advisories (RSS)