CERT-In Vulnerability Note CIVN-2005-61
PHPXMLRPC for PHP code execution vulnerability
Original Issue Date: July 04, 2005
Severity Rating: High
Applications Affected
PHPXMLRPC 1.1 and earlier
Overview
A vulnerability has been discovered in PHPXMLRPC which could allow a remote attacker to compromise a vulnerable web server.
Impact
Remote attacker gains system access
Description
PHPXMLRPC, or XML-RPC for PHP, is an implementation of the XML-RPC web RPC protocol and is used in a large number of web applications.
A vulnerability was found in the parseRequest() function of the XML-RPC server, which passes improperly sanitized data to an eval() call. By creating a specially crafted XML document, a remote attacker can inject PHP code on the target server and compromise the system.
Note: The SANS Internet Storm Center has predicted that this vulnerability has a high probability of large-scale exploitation.
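The defect described above is untrusted XML text reaching eval(). The following is an added PHP example, not PHPXMLRPC's own code, showing the safe alternative: XML-RPC <value> nodes are mapped straight to native PHP values with SimpleXML, so node text is only ever cast or copied and no PHP source is built from it. The function names and the sample request are constructed for this illustration.

```php
<?php
// Added example, not PHPXMLRPC's own code: map XML-RPC <value> nodes to native
// PHP values with SimpleXML. Node text is only cast or copied, never spliced
// into PHP source for eval(), which is the defect the advisory describes.
function decodeValue(SimpleXMLElement $value)
{
    foreach ($value->children() as $typed) {
        switch ($typed->getName()) {
            case 'string':
                return (string) $typed;           // text stays data
            case 'int':
            case 'i4':
                return (int) $typed;
            case 'boolean':
                return ((string) $typed) === '1';
            case 'array':
                $out = [];
                foreach ($typed->data->value as $item) {
                    $out[] = decodeValue($item);
                }
                return $out;
            case 'struct':
                $out = [];
                foreach ($typed->member as $m) {
                    $out[(string) $m->name] = decodeValue($m->value);
                }
                return $out;
            default:
                throw new UnexpectedValueException('Unsupported type: ' . $typed->getName());
        }
    }
    return (string) $value;   // bare <value>text</value> is an implicit string
}

function decodeRequest(string $xml): array
{
    // LIBXML_NONET keeps the parser from fetching any network resource.
    $doc = new SimpleXMLElement($xml, LIBXML_NONET);
    $params = [];
    foreach ($doc->params->param as $param) {
        $params[] = decodeValue($param->value);
    }
    return ['method' => (string) $doc->methodName, 'params' => $params];
}

// Constructed sample request: the quote and backslash stay literal data.
$sample = '<?xml version="1.0"?><methodCall><methodName>examples.echo</methodName>'
    . '<params><param><value><int>41</int></value></param>'
    . '<param><value><string>O\'Brien \\ Co.</string></value></param></params></methodCall>';
var_dump(decodeRequest($sample));
```

Unsupported or unexpected types raise an exception rather than being interpreted, which is the behaviour a defender wants from a request parser.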
Solution
Update to the new version as suggested by the vendor:
http://sourceforge.net/project/showfiles.php?group_id=34455&package_id=26601
If upgrading is difficult, the appropriate patch may be applied:
http://www.phpbb.com/phpBB/viewtopic.php?t=302011
References
Secunia
http://secunia.com/advisories/15852/
Gulftech Research (Author)
http://www.gulftech.org/?node=research&article_id=00088-07022005
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91 11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003