|Check Point Reference:||CPAI-2006-011|
|Date Published:||12 Feb 2006|
|Last Updated:||8 May 2007|
|Protection Provided by:|
|Who is Vulnerable?|| ADOdb version 4.68 (for PHP) and prior |
Defacing Tool 2.0 by r3v3ng4ns
|Vulnerability Description||ADOdb is a database abstraction library for PHP. A vulnerability was detected in ADOdb due to the presence pf an insecure ADOdb script that can be exploited by remote attackers to execute malicious PHP commands on the target system.
The 'Defacing Tool 2.0 by r3v3ng4ns' is a suite of php based scripts intended to deface Websites leveraging PHP remote file inclusion. Recently reports have been on the rise on aggressive scanning activity leveraging this tool suite. using this tool, attackers can deface PHP enabled Web sites.
|Update/Patch Avaliable||ADOdb: |
Upgrade to ADOdb version 4.70 :
|Vulnerability Details||ADOdb vulnerability: An input validation error exists in the "tests/tmssql.php" test script that does not properly validate the "do" parameter. This could be exploited by attackers to call arbitrary PHP functions.|
Defacing Tool 2.0 by r3v3ng4ns: This tool targets Web hosts that enable the use of remote includes. Various reports received lately have indicated site defacement leveraging this tool.