Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHP Object Serialisation Bug #555

Closed
prodigysml opened this issue May 29, 2018 · 1 comment
Closed

PHP Object Serialisation Bug #555

prodigysml opened this issue May 29, 2018 · 1 comment
Assignees

Comments

@prodigysml
Copy link

Summary

An attacker with administrative privileges can perform PHP object serialisation attacks, which can possibly lead to remote code execution.

System information

  • Froxlor version: 0.9.39.5
  • Web server: apache2
  • DNS server: Bind
  • POP/IMAP server: Courier
  • SMTP server: postfix
  • FTP server: proftpd
  • OS/Version: Ubuntu

Vulnerable Section

Froxlor/admin_domains.php

Lines 566 to 568 in 27f8c8b

if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
}

An administrator user can create a new domain and use the code above to deserialise a PHP object, running it's magic methods to execute PHP commands on the server. This may lead to remote code execution

@d00p d00p self-assigned this May 29, 2018
@d00p d00p closed this as completed in c1e62e6 May 29, 2018
@abergmann
Copy link

CVE-2018-1000527 was assigned to this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants