[FD] [RT-SA-2017-011] Remote Command Execution in PDNS Manager

Advisory: Remote Command Execution in PDNS Manager RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details ======= Product: PDNS Manager Affected Versions: Git master 3bf4e28 (2016-12-12) – 2bb00ea (2017-05-22) Fixed Versions: <= v1.2.1, >= Git Commit ccc4232 Vulnerability Type: Remote Command Execution Security Risk: medium Vendor URL: http://ift.tt/2tHSbpP Vendor Status: fixed version released Advisory URL: http://ift.tt/2soHvIv Advisory Status: published CVE: GENERIC-MAP-NOMATCH CVE URL: http://ift.tt/1jQGmEN Introduction ============ “PDNS Manager is a simple yet powerful administration tool for the Powerdns authoritative nameserver.” “PNDS Manager was developed from scratch to achieve a user-friendly and pretty looking interface.” (from project website) [0] More Details ============ PDNS Manager includes two files used for installation purposes, install.php and api/install.php. The documentation tells users to start the installation by navigating to install.php and filling out the form that is presented there to create a database connection and an admin account. When submitted, an HTTP POST request with the configuration data is sent to api/install.php. The data is first validated in api/install.php by using it to connect to the database:

Source: Gmail -> IFTTT-> Blogger

from Blogger http://ift.tt/2tHNrQP


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s