Vendor: php-ping
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 78
Product Name: php-ping
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003
php-ping Remote Command Execution Vulnerability
It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists because shell metacharacters supplied in the 'count' parameter of the php-ping.php script are not sufficiently sanitized. Exploitation would permit a remote attacker to execute arbitrary commands with the privileges of the web server hosting the vulnerable software.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
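
One way to apply that mitigation, as an added example that is not php-ping's own code: the 'count' value is accepted only if it is a small decimal integer, and ping is started from an argument vector so no shell ever parses the request data. The 'host' parameter, the function names, the limit of 10 and the handler shape are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened handler, not php-ping's own source.
// 'count' is the parameter named in the advisory; 'host' and the limits are assumptions.

/** Accept only 1-2 ASCII digits in the range 1..$max; anything else is rejected. */
function parse_count(string $raw, int $max = 10): ?int
{
    if (!preg_match('/\A[0-9]{1,2}\z/', $raw)) {
        return null;                      // metacharacters, signs, spaces, empty
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= $max) ? $n : null;
}

/** Accept only an IP literal, so the value can never be read as an option. */
function parse_host(string $raw): ?string
{
    return filter_var($raw, FILTER_VALIDATE_IP) === false ? null : $raw;
}

/** Run ping from an argument vector (PHP >= 7.4): no shell parses the values. */
function run_ping(string $host, int $count): string
{
    $argv = ['ping', '-c', (string) $count, $host];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample values for 'count'; only the first is accepted.
foreach (['4', '4;x', '-1', '0', '999', ' 4', ''] as $raw) {
    printf("%-6s => %s\n", var_export($raw, true), parse_count($raw) ?? 'rejected');
}

// In the request handler (assumed shape):
// $c = $_GET['count'] ?? '';  $h = $_GET['host'] ?? '';
// $count = is_string($c) ? parse_count($c) : null;
// $host  = is_string($h) ? parse_host($h) : null;
// if ($count === null || $host === null) { http_response_code(400); exit; }
// echo htmlspecialchars(run_ping($host, $count));
```

Rejecting malformed input outright, rather than stripping characters from it, keeps the check simple to audit; passing the validated integer in an argument array removes the shell from the path entirely.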