Signature Detail

Short Name	HTTP:PHP:PHPRPC-EXEC
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	phpRPC php xml
Release Date	2006/04/25
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: phpRPC Library Remote Code Execution

This signature detects a HTTP POST request containing maliciously crafted XML code. By including some PHP code in a <base64> XML tag, a client can cause arbitrary php code to be executed on the server.

Extended Description

phpRPC is prone to a remote code-execution vulnerability. This issue exists because the library fails to adequately sanitize user-supplied data. PHP scripts that implement the phpRPC library, such as RunCMS, may also be affected by this issue.

Affected Products

phpRPC 0.7
phpRPC 0.8
phpRPC 0.9
RunCMS 1.1.0
RunCMS 1.1.0 A
RunCMS 1.2.0
RunCMS 1.3.a
RunCMS 1.3.a2
RunCMS 1.3.a5

References

BugTraq: 16833
URL: http://sourceforge.net/projects/phprpc/
URL: http://www.securiteam.com/exploits/5PP041PI0Y.html
URL: http://www.gulftech.org/?node=research&article_id=00105-02262006

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: phpRPC Library Remote Code Execution

Extended Description

Affected Products

References