If you or your customers run PHPKIT, patch it NOW!
A while back, I reported several vulnerabilities in PHPKIT to the vendors. Although not very well-known in the rest of the world, there’s an abundance of installations of this product in German-speaking countries, since it is very easy to install, provides a German user (and administration) interface and has about the same feature set as the infamous PHP-Nuke.
After I reported the vulnerabilities, no response whatsoever was received. I phoned the vendor, and they told me something about an ominous “community release” and that I should report the issues in their forum. Hell yeah. I gave the advisory (including a PoC for each hole) to the forum administrator and told them to get a fix out of the door. They responded in a very weird fashion, but allegedly fixed the bugs and released an unofficial patch in the forum.
Read on for why this is bad and what happened...