Product: PhpDig 1.6.x Vendor: phpdig.net Author: FraMe ( frame at kernelpanik.org ) URL: http://www.kernelpanik.org CONTENTS 1. Overview 2. Description. 3. Details 4. Patches. 1. Overview. PhpDig is a http spider/search engine written in Php with a MySql database in backend. PhpDig builds a glossary with the key words found in indexed pages. On a search query, it displays a result page with documents which contains the search keys, ranked by occurence. 2. Description. PhpDig 1.6.x allow remote command execution in ./includes/config.php Anybody can inject a url in $relative_script_path and obtain command execution with web server privileges ( usually nobody ). 3. Details. PhpDig 1.6.x from ./includes/config.php: =========================== (..) //includes language file if (is_file("$relative_script_path/locales/$phpdig_language-language.php")) {include "$relative_script_path/locales/$phpdig_language-language.php";} else {include "$relative_script_path/locales/en-language.php";} (..) //includes of libraries include "$relative_script_path/libs/phpdig_functions.php"; include "$relative_script_path/libs/function_phpdig_form.php"; include "$relative_script_path/libs/mysql_functions.php"; (..) 4. Patches a) .htaccess in ./includes b) Php globals off (Default in Php > 4.2) c) Unofficial patch for config.php can be downloaded from: http://www.kernelpanik.org/code/kernelpanik/phpdig.zip ============================== [ FraMe - frame at kernelpanik.org ] [ URL - http://frame.lifefromthenet.com ] [ Kernelpanik - http://www.kernelpanik.org ] [ PGP KeyID - 0xFA81AC9C ] ==============================