
Big Sam Multiple Vulnerabilities

by Nikola Strahija on March 19th, 2002

Big Sam (Built-In Guestbook Stand-Alone Module) is a PHP3/4 guestbook script which does not use a database. It is very simple to set up, very simple to administer, and very accurate. A vulnerability exists in Big Sam which may cause extreme usage of system resources and may disclose the web root path.


Details
-------
In "bigsam_guestbook.php", where all the guestbook viewing operations take place, there is an option to view entries by their number across different pages. This is accomplished by the "$displayBegin" variable, which is supplied with integers.

When a user requests a maliciously crafted URL, the script runs as usual, but if the given number is a really huge one the system may run out of resources over time, or, if the "safe_mode" option is "ON" in the server's PHP configuration, the script might end prematurely with an error message that includes the web root path.

Put many numbers in place of the dots in the example below.
http://site/bigsam_guestbook.php?displayBegin=9999...9999

If the "safe_mode" option is "ON", an error message like the one below may appear after approximately 30 seconds, depending on server configuration.

"Fatal error: Maximum execution time of 30 seconds exceeded in home/users/sites/example/bigsam_guestbook.php on line 16"

This information may be used to aid in further "intelligent" attacks against the host running the vulnerable Big Sam guestbook.


Solution
--------
The vendor has verified the existence of the vulnerability and fixed this issue in version 1.1.09.

I suggested the following as a workaround:
Limit the "$displayBegin" variable, or check if the given post number exists.
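The workaround above, as an added PHP example that is not Big Sam's own code: the page offset is validated and clamped to the entries that actually exist before it can drive any loop, and fatal-error text is kept out of the response. loadEntries(), renderPage(), $perPage and the sample entries are assumptions made for illustration.

```php
<?php
// Added example, not Big Sam's own code. loadEntries(), renderPage(),
// $perPage and the sample data are assumptions for illustration.

// Constructed sample guestbook of 7 entries.
function loadEntries(): array {
    $entries = [];
    for ($i = 1; $i <= 7; $i++) {
        $entries[] = ['name' => "Visitor $i", 'text' => "Entry number $i"];
    }
    return $entries;
}

// Weak pattern (the bug class in the advisory, shown for contrast, not called):
// the raw query value becomes a loop bound, so a huge number keeps the script
// busy until max_execution_time kills it, and with errors displayed the fatal
// message reveals the script's filesystem path.
function weakOffset(array $get): int {
    return (int) ($get['displayBegin'] ?? 0);
}

// Hardened pattern: digits only, sane length, then clamp to a real page start.
function safeOffset(array $get, int $entryCount, int $perPage = 5): int {
    $raw = (string) ($get['displayBegin'] ?? '0');
    if ($raw === '' || strlen($raw) > 6 || !ctype_digit($raw)) {
        return 0;                                  // reject garbage: first page
    }
    $lastPageStart = max(0, ($entryCount - 1) - (($entryCount - 1) % $perPage));
    return min((int) $raw, $lastPageStart);        // never past the last real page
}

// Rendering is bounded by the data, not by the request.
function renderPage(array $entries, int $offset, int $perPage = 5): array {
    return array_slice($entries, $offset, $perPage);
}

// Keep fatal-error text (which includes the filesystem path) out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$entries = loadEntries();
foreach (['9999', '99999999999999999999', 'abc'] as $hostile) {   // constructed inputs
    $offset = safeOffset(['displayBegin' => $hostile], count($entries));
    echo "displayBegin=$hostile -> offset $offset, "
       . count(renderPage($entries, $offset)) . " entries shown\n";
}
```

With 7 entries and 5 per page the hostile values all collapse to an existing page start (5 for 9999, 0 for the rejected values), so the loop bound never exceeds the data.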


Credits
-------
Discovered on March 15, 2002 by
Ahmet Sabri ALPER
[email protected]
http://www.olympos.org


References
----------
Product Web Page: http://bigsam.gezzed.net/

