Title: Multiple vulnerabilities in Ice Cold Apps Servers Ulitmate Version 6.0.2(12) for Android |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2013-09-08 |
CVE-ID:[CVE-2013-7465] |
CWE: |
Download Site: http://www.amazon.com/Ice-Cold-Apps-Servers-Ultimate/dp/B00E00C44G/ref=sr_1_1?s=mobile-apps&ie=UTF8&qid=1378688647 |
Vendor: Ice Cold Apps |
Vendor Notified: 2013-09-08 |
Vendor Contact: |
Advisory: http://www.vapid.dhs.org/advisories/ultimate-server-android-vulns.html |
Description: **Run over 60 servers with over 70 protocols!** Now you can run a CVS, DC Hub, DHCP, UPnP, DNS, DDNS, eDonkey, Email (POP3 / SMTP), FTP Proxy, FTP, FTPS, FTPES, Flash Policy, Git, Gopher, HTTP Snoop, ICAP, IRC Bot, IRC, ISCSI, Icecast, LPD, Load Balancer, MQTT, Memcached, MongoDB, MySQL, NFS, NTP, NZB Client, Napster, PHP and Lighttpd, PXE, Port Forwarder, Proxy, RTMP, Remote Control, Rsync, SIP, SMB/CIFS, SMPP, SMS, Socks, SFTP, SSH, Server Monitor, Stomp, Styx, Syslog, TFTP, Telnet, Time, Trigger, Unison, UPnP Port Mapper, VNC, VPN, Wake On Lan, Web, WebDAV, WebSocket, X11 and/or XMPP server! Start a server easily on the 'Simple' tab or go advanced and add users, allowed IP's, rules and more! Multiple servers can be run at the same time! No root needed, exceptions mentioned below. **Over 16 network tools!** Trial: This app will work for 14 days after which you will need to buy the paid version. You can also only add two servers in this app. Unfortunately we need to do this to support development. **Remote control support!** Server limitations: - Port Forwarder: root needed. - VNC Server: root needed and doesn’t work on most devices. - Samba Server: won’t work on Windows. - CVS, UPnP, Email, PHP, Lighttpd, MySQL, Rsync, VNC Server: only one server of this type can run at the same time. - ARM based: PHP, Lighttpd, MySQL, CVS, Rsync, VNC, SSH command line, Port forward, MySQL monitor, Traceroute **Includes a PHP Server!** Note: - The permission for receiving and sending SMS are for the optional SMS Gateway Server. **Light or dark Holo theme!** A few general features: - Encryption for settings and password login support! - Tasker and Llama support! - Start / Stop servers automatically using WIFI / SMS / call / power or cronjob rules! Or use the 'Trigger Server' for more! - Set a port, network interface to listen on, backlog, logging (to file), etc. And if rooted set a port below 1024. - Widget support! - A lot more! **Change your device to a NAS Server, dedicated server and/or honeypot! Network tools: - Remote Control Client - Simple shtaccess editor - Connectability - IP Calculator (IPv4 / IPv6) - Port Scanner - MySQL Monitor - Whois - Raw socket (TCP / UDP) - Command line - Ping - Network speed - HTTP Headers - Wake On LAN (WOL) - Lookup (DNS, IP, Host, Mac to Vendor) - Traceroute - UPnP Port Mapper Servers: - CVS Server - DC Hub Server (Direct Connect Hub) - DHCP Server - DHCP Proxy Server - DHCP Relay Server - UPnP Server - DNS Server - DNSMasq Server - Dynamic DNS Updater: DDNS services ChangeIP, DNSdynamic, DNSexit, DNSMadeEasy, DNS-O-Matic, DNSPark, DtDNS, DynDNS, easyDNS, eNom, Namecheap, No-IP, ZoneEdit, etc - eDonkey Server - Email Server: POP3, SMTP - FTP Proxy Server - FTP Server - FTP Root Server - FTPS Server - FTPES Server - Flash Policy Server - Git Server - Gopher Server - HTTP Proxy Server - HTTP Snoop Server - ICAP Server - IRC Bot - IRC Server - ISCSI Server - Icecast Server - Load Balancer Server - LPD Server (Printer Server) - MQTT Server - Memcached Server - MongoDB Server - Multicast DNS Server (Bonjour) - MySQL Server - NFS Server - NTP Server - NZB Downloader Client - Napster Server - PHP Server and Lighttpd Server (optional PHPMyAdmin, PHPFileManager, etc) - Port Forwarder - Proxy Server - PXE Server (Network Boot) - Remote Control App Server - Rsync Server - RTMP Server - RTMP Proxy Server - SIP Server - SMB / CIFS Server (Samba) - SMPP Server - SMS Gateway - SOCKS Server - SSH Server - SCP Server - Server Monitor - SFTP Server - Stomp Server - Styx Server - Syslog Server - TFTP Server - Telnet Server - Test Server: Echo, Discard, CHARGEN, QOTD - Time Server - Trigger Server - Unison Server - UPnP Port Mapper - VNC Server - VPN Server - Wake On LAN clien Visit us on: http://www.icecoldapps.com/ Follow us on Twitter: https://twitter.com/IceColdApps Like us on Facebook: http://www.facebook.com/IceColdApps |
Vulnerability: There are no credentials by default, authentication is disabled for telnet/ssh/ftp allowing remote access to the device's storage. PHP can be uploaded to the webserver and executed.
ftp server allows writes to lighttp/php* directory.
telnet default authentication turned off.
ssh server default authentication turned off.
Anonymous SOCKS proxy & http/ftp proxy.
SSHD
larry$ ssh 192.168.0.29 -p 2222
$ id
uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $ uptime
up time: 19:42:02, idle time: 18:47:19, sleep time: 00:00:00 $
Telnet
larry$ telnet 192.168.0.29 2323
Trying 192.168.0.29...
Connected to 192.168.0.29.
Escape character is '^]'.
Welcome to tel!
Please enter some text to test the connection and hit enter:
$
$
id
$ id
uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $
lighttpd / PHP server
Here is the phpinfo() info output Because of the sandboxing eval(),system(),pass_thru() won't work.
php has the following functions available:
Via
<?php
$arr = get_defined_functions();
echo "<pre>";
print_r($arr);
echo "</pre>";
?>
Returned the following:
Array
(
[internal] => Array
(
[0] => zend_version
[1] => func_num_args
[2] => func_get_arg
[3] => func_get_args
[4] => strlen
[5] => strcmp
[6] => strncmp
[7] => strcasecmp
[8] => strncasecmp
[9] => each
[10] => error_reporting
[11] => define
[12] => defined
[13] => get_class
[14] => get_called_class
[15] => get_parent_class
[16] => method_exists
[17] => property_exists
[18] => class_exists
[19] => interface_exists
[20] => trait_exists
[21] => function_exists
[22] => class_alias
[23] => get_included_files
[24] => get_required_files
[25] => is_subclass_of
[26] => is_a
[27] => get_class_vars
[28] => get_object_vars
[29] => get_class_methods
[30] => trigger_error
[31] => user_error
[32] => set_error_handler
[33] => restore_error_handler
[34] => set_exception_handler
[35] => restore_exception_handler
[36] => get_declared_classes
[37] => get_declared_traits
[38] => get_declared_interfaces
[39] => get_defined_functions
[40] => get_defined_vars
[41] => create_function
[42] => get_resource_type
[43] => get_loaded_extensions
[44] => extension_loaded
[45] => get_extension_funcs
[46] => get_defined_constants
[47] => debug_backtrace
[48] => debug_print_backtrace
[49] => gc_collect_cycles
[50] => gc_enabled
[51] => gc_enable
[52] => gc_disable
[53] => strtotime
[54] => date
[55] => idate
[56] => gmdate
[57] => mktime
[58] => gmmktime
[59] => checkdate
[60] => strftime
[61] => gmstrftime
[62] => time
[63] => localtime
[64] => getdate
[65] => date_create
[66] => date_create_from_format
[67] => date_parse
[68] => date_parse_from_format
[69] => date_get_last_errors
[70] => date_format
[71] => date_modify
[72] => date_add
[73] => date_sub
[74] => date_timezone_get
[75] => date_timezone_set
[76] => date_offset_get
[77] => date_diff
[78] => date_time_set
[79] => date_date_set
[80] => date_isodate_set
[81] => date_timestamp_set
[82] => date_timestamp_get
[83] => timezone_open
[84] => timezone_name_get
[85] => timezone_name_from_abbr
[86] => timezone_offset_get
[87] => timezone_transitions_get
[88] => timezone_location_get
[89] => timezone_identifiers_list
[90] => timezone_abbreviations_list
[91] => timezone_version_get
[92] => date_interval_create_from_date_string
[93] => date_interval_format
[94] => date_default_timezone_set
[95] => date_default_timezone_get
[96] => date_sunrise
[97] => date_sunset
[98] => date_sun_info
[99] => ereg
[100] => ereg_replace
[101] => eregi
[102] => eregi_replace
[103] => split
[104] => spliti
[105] => sql_regcase
[106] => libxml_set_streams_context
[107] => libxml_use_internal_errors
[108] => libxml_get_last_error
[109] => libxml_clear_errors
[110] => libxml_get_errors
[111] => libxml_disable_entity_loader
[112] => libxml_set_external_entity_loader
[113] => preg_match
[114] => preg_match_all
[115] => preg_replace
[116] => preg_replace_callback
[117] => preg_filter
[118] => preg_split
[119] => preg_quote
[120] => preg_grep
[121] => preg_last_error
[122] => readgzfile
[123] => gzrewind
[124] => gzclose
[125] => gzeof
[126] => gzgetc
[127] => gzgets
[128] => gzgetss
[129] => gzread
[130] => gzopen
[131] => gzpassthru
[132] => gzseek
[133] => gztell
[134] => gzwrite
[135] => gzputs
[136] => gzfile
[137] => gzcompress
[138] => gzuncompress
[139] => gzdeflate
[140] => gzinflate
[141] => gzencode
[142] => gzdecode
[143] => zlib_encode
[144] => zlib_decode
[145] => zlib_get_coding_type
[146] => ob_gzhandler
[147] => ctype_alnum
[148] => ctype_alpha
[149] => ctype_cntrl
[150] => ctype_digit
[151] => ctype_lower
[152] => ctype_graph
[153] => ctype_print
[154] => ctype_punct
[155] => ctype_space
[156] => ctype_upper
[157] => ctype_xdigit
[158] => curl_init
[159] => curl_copy_handle
[160] => curl_version
[161] => curl_setopt
[162] => curl_setopt_array
[163] => curl_exec
[164] => curl_getinfo
[165] => curl_error
[166] => curl_errno
[167] => curl_close
[168] => curl_multi_init
[169] => curl_multi_add_handle
[170] => curl_multi_remove_handle
[171] => curl_multi_select
[172] => curl_multi_exec
[173] => curl_multi_getcontent
[174] => curl_multi_info_read
[175] => curl_multi_close
[176] => dom_import_simplexml
[177] => finfo_open
[178] => finfo_close
[179] => finfo_set_flags
[180] => finfo_file
[181] => finfo_buffer
[182] => mime_content_type
[183] => filter_input
[184] => filter_var
[185] => filter_input_array
[186] => filter_var_array
[187] => filter_list
[188] => filter_has_var
[189] => filter_id
[190] => ftp_connect
[191] => ftp_login
[192] => ftp_pwd
[193] => ftp_cdup
[194] => ftp_chdir
[195] => ftp_exec
[196] => ftp_raw
[197] => ftp_mkdir
[198] => ftp_rmdir
[199] => ftp_chmod
[200] => ftp_alloc
[201] => ftp_nlist
[202] => ftp_rawlist
[203] => ftp_systype
[204] => ftp_pasv
[205] => ftp_get
[206] => ftp_fget
[207] => ftp_put
[208] => ftp_fput
[209] => ftp_size
[210] => ftp_mdtm
[211] => ftp_rename
[212] => ftp_delete
[213] => ftp_site
[214] => ftp_close
[215] => ftp_set_option
[216] => ftp_get_option
[217] => ftp_nb_fget
[218] => ftp_nb_get
[219] => ftp_nb_continue
[220] => ftp_nb_put
[221] => ftp_nb_fput
[222] => ftp_quit
[223] => gd_info
[224] => imagearc
[225] => imageellipse
[226] => imagechar
[227] => imagecharup
[228] => imagecolorat
[229] => imagecolorallocate
[230] => imagepalettecopy
[231] => imagecreatefromstring
[232] => imagecolorclosest
[233] => imagecolorclosesthwb
[234] => imagecolordeallocate
[235] => imagecolorresolve
[236] => imagecolorexact
[237] => imagecolorset
[238] => imagecolortransparent
[239] => imagecolorstotal
[240] => imagecolorsforindex
[241] => imagecopy
[242] => imagecopymerge
[243] => imagecopymergegray
[244] => imagecopyresized
[245] => imagecreate
[246] => imagecreatetruecolor
[247] => imageistruecolor
[248] => imagetruecolortopalette
[249] => imagesetthickness
[250] => imagefilledarc
[251] => imagefilledellipse
[252] => imagealphablending
[253] => imagesavealpha
[254] => imagecolorallocatealpha
[255] => imagecolorresolvealpha
[256] => imagecolorclosestalpha
[257] => imagecolorexactalpha
[258] => imagecopyresampled
[259] => imagerotate
[260] => imageantialias
[261] => imagesettile
[262] => imagesetbrush
[263] => imagesetstyle
[264] => imagecreatefrompng
[265] => imagecreatefromgif
[266] => imagecreatefromjpeg
[267] => imagecreatefromwbmp
[268] => imagecreatefromxbm
[269] => imagecreatefromgd
[270] => imagecreatefromgd2
[271] => imagecreatefromgd2part
[272] => imagepng
[273] => imagegif
[274] => imagejpeg
[275] => imagewbmp
[276] => imagegd
[277] => imagegd2
[278] => imagedestroy
[279] => imagegammacorrect
[280] => imagefill
[281] => imagefilledpolygon
[282] => imagefilledrectangle
[283] => imagefilltoborder
[284] => imagefontwidth
[285] => imagefontheight
[286] => imageinterlace
[287] => imageline
[288] => imageloadfont
[289] => imagepolygon
[290] => imagerectangle
[291] => imagesetpixel
[292] => imagestring
[293] => imagestringup
[294] => imagesx
[295] => imagesy
[296] => imagedashedline
[297] => imagetypes
[298] => jpeg2wbmp
[299] => png2wbmp
[300] => image2wbmp
[301] => imagelayereffect
[302] => imagexbm
[303] => imagecolormatch
[304] => imagefilter
[305] => imageconvolution
[306] => textdomain
[307] => gettext
[308] =>
[309] => dgettext
[310] => dcgettext
[311] => bindtextdomain
[312] => ngettext
[313] => dngettext
[314] => dcngettext
[315] => bindtextdomain_codeset
[316] => hash
[317] => hash_file
[318] => hash_hmac
[319] => hash_hmac_file
[320] => hash_init
[321] => hash_update
[322] => hash_update_stream
[323] => hash_update_file
[324] => hash_final
[325] => hash_copy
[326] => hash_algos
[327] => iconv
[328] => iconv_get_encoding
[329] => iconv_set_encoding
[330] => iconv_strlen
[331] => iconv_substr
[332] => iconv_strpos
[333] => iconv_strrpos
[334] => iconv_mime_encode
[335] => iconv_mime_decode
[336] => iconv_mime_decode_headers
[337] => json_encode
[338] => json_decode
[339] => json_last_error
[340] => mb_convert_case
[341] => mb_strtoupper
[342] => mb_strtolower
[343] => mb_language
[344] => mb_internal_encoding
[345] => mb_http_input
[346] => mb_http_output
[347] => mb_detect_order
[348] => mb_substitute_character
[349] => mb_parse_str
[350] => mb_output_handler
[351] => mb_preferred_mime_name
[352] => mb_strlen
[353] => mb_strpos
[354] => mb_strrpos
[355] => mb_stripos
[356] => mb_strripos
[357] => mb_strstr
[358] => mb_strrchr
[359] => mb_stristr
[360] => mb_strrichr
[361] => mb_substr_count
[362] => mb_substr
[363] => mb_strcut
[364] => mb_strwidth
[365] => mb_strimwidth
[366] => mb_convert_encoding
[367] => mb_detect_encoding
[368] => mb_list_encodings
[369] => mb_encoding_aliases
[370] => mb_convert_kana
[371] => mb_encode_mimeheader
[372] => mb_decode_mimeheader
[373] => mb_convert_variables
[374] => mb_encode_numericentity
[375] => mb_decode_numericentity
[376] => mb_send_mail
[377] => mb_get_info
[378] => mb_check_encoding
[379] => mb_regex_encoding
[380] => mb_regex_set_options
[381] => mb_ereg
[382] => mb_eregi
[383] => mb_ereg_replace
[384] => mb_eregi_replace
[385] => mb_ereg_replace_callback
[386] => mb_split
[387] => mb_ereg_match
[388] => mb_ereg_search
[389] => mb_ereg_search_pos
[390] => mb_ereg_search_regs
[391] => mb_ereg_search_init
[392] => mb_ereg_search_getregs
[393] => mb_ereg_search_getpos
[394] => mb_ereg_search_setpos
[395] => mbregex_encoding
[396] => mbereg
[397] => mberegi
[398] => mbereg_replace
[399] => mberegi_replace
[400] => mbsplit
[401] => mbereg_match
[402] => mbereg_search
[403] => mbereg_search_pos
[404] => mbereg_search_regs
[405] => mbereg_search_init
[406] => mbereg_search_getregs
[407] => mbereg_search_getpos
[408] => mbereg_search_setpos
[409] => mcrypt_ecb
[410] => mcrypt_cbc
[411] => mcrypt_cfb
[412] => mcrypt_ofb
[413] => mcrypt_get_key_size
[414] => mcrypt_get_block_size
[415] => mcrypt_get_cipher_name
[416] => mcrypt_create_iv
[417] => mcrypt_list_algorithms
[418] => mcrypt_list_modes
[419] => mcrypt_get_iv_size
[420] => mcrypt_encrypt
[421] => mcrypt_decrypt
[422] => mcrypt_module_open
[423] => mcrypt_generic_init
[424] => mcrypt_generic
[425] => mdecrypt_generic
[426] => mcrypt_generic_end
[427] => mcrypt_generic_deinit
[428] => mcrypt_enc_self_test
[429] => mcrypt_enc_is_block_algorithm_mode
[430] => mcrypt_enc_is_block_algorithm
[431] => mcrypt_enc_is_block_mode
[432] => mcrypt_enc_get_block_size
[433] => mcrypt_enc_get_key_size
[434] => mcrypt_enc_get_supported_key_sizes
[435] => mcrypt_enc_get_iv_size
[436] => mcrypt_enc_get_algorithms_name
[437] => mcrypt_enc_get_modes_name
[438] => mcrypt_module_self_test
[439] => mcrypt_module_is_block_algorithm_mode
[440] => mcrypt_module_is_block_algorithm
[441] => mcrypt_module_is_block_mode
[442] => mcrypt_module_get_algo_block_size
[443] => mcrypt_module_get_algo_key_size
[444] => mcrypt_module_get_supported_key_sizes
[445] => mcrypt_module_close
[446] => mysql_connect
[447] => mysql_pconnect
[448] => mysql_close
[449] => mysql_select_db
[450] => mysql_query
[451] => mysql_unbuffered_query
[452] => mysql_db_query
[453] => mysql_list_dbs
[454] => mysql_list_tables
[455] => mysql_list_fields
[456] => mysql_list_processes
[457] => mysql_error
[458] => mysql_errno
[459] => mysql_affected_rows
[460] => mysql_insert_id
[461] => mysql_result
[462] => mysql_num_rows
[463] => mysql_num_fields
[464] => mysql_fetch_row
[465] => mysql_fetch_array
[466] => mysql_fetch_assoc
[467] => mysql_fetch_object
[468] => mysql_data_seek
[469] => mysql_fetch_lengths
[470] => mysql_fetch_field
[471] => mysql_field_seek
[472] => mysql_free_result
[473] => mysql_field_name
[474] => mysql_field_table
[475] => mysql_field_len
[476] => mysql_field_type
[477] => mysql_field_flags
[478] => mysql_escape_string
[479] => mysql_real_escape_string
[480] => mysql_stat
[481] => mysql_thread_id
[482] => mysql_client_encoding
[483] => mysql_ping
[484] => mysql_get_client_info
[485] => mysql_get_host_info
[486] => mysql_get_proto_info
[487] => mysql_get_server_info
[488] => mysql_info
[489] => mysql_set_charset
[490] => mysql
[491] => mysql_fieldname
[492] => mysql_fieldtable
[493] => mysql_fieldlen
[494] => mysql_fieldtype
[495] => mysql_fieldflags
[496] => mysql_selectdb
[497] => mysql_freeresult
[498] => mysql_numfields
[499] => mysql_numrows
[500] => mysql_listdbs
[501] => mysql_listtables
[502] => mysql_listfields
[503] => mysql_db_name
[504] => mysql_dbname
[505] => mysql_tablename
[506] => mysql_table_name
[507] => mysqli_affected_rows
[508] => mysqli_autocommit
[509] => mysqli_change_user
[510] => mysqli_character_set_name
[511] => mysqli_close
[512] => mysqli_commit
[513] => mysqli_connect
[514] => mysqli_connect_errno
[515] => mysqli_connect_error
[516] => mysqli_data_seek
[517] => mysqli_dump_debug_info
[518] => mysqli_debug
[519] => mysqli_errno
[520] => mysqli_error
[521] => mysqli_error_list
[522] => mysqli_stmt_execute
[523] => mysqli_execute
[524] => mysqli_fetch_field
[525] => mysqli_fetch_fields
[526] => mysqli_fetch_field_direct
[527] => mysqli_fetch_lengths
[528] => mysqli_fetch_array
[529] => mysqli_fetch_assoc
[530] => mysqli_fetch_object
[531] => mysqli_fetch_row
[532] => mysqli_field_count
[533] => mysqli_field_seek
[534] => mysqli_field_tell
[535] => mysqli_free_result
[536] => mysqli_get_charset
[537] => mysqli_get_client_info
[538] => mysqli_get_client_version
[539] => mysqli_get_host_info
[540] => mysqli_get_proto_info
[541] => mysqli_get_server_info
[542] => mysqli_get_server_version
[543] => mysqli_get_warnings
[544] => mysqli_init
[545] => mysqli_info
[546] => mysqli_insert_id
[547] => mysqli_kill
[548] => mysqli_set_local_infile_default
[549] => mysqli_set_local_infile_handler
[550] => mysqli_more_results
[551] => mysqli_multi_query
[552] => mysqli_next_result
[553] => mysqli_num_fields
[554] => mysqli_num_rows
[555] => mysqli_options
[556] => mysqli_ping
[557] => mysqli_prepare
[558] => mysqli_report
[559] => mysqli_query
[560] => mysqli_real_connect
[561] => mysqli_real_escape_string
[562] => mysqli_real_query
[563] => mysqli_rollback
[564] => mysqli_select_db
[565] => mysqli_set_charset
[566] => mysqli_stmt_affected_rows
[567] => mysqli_stmt_attr_get
[568] => mysqli_stmt_attr_set
[569] => mysqli_stmt_bind_param
[570] => mysqli_stmt_bind_result
[571] => mysqli_stmt_close
[572] => mysqli_stmt_data_seek
[573] => mysqli_stmt_errno
[574] => mysqli_stmt_error
[575] => mysqli_stmt_error_list
[576] => mysqli_stmt_fetch
[577] => mysqli_stmt_field_count
[578] => mysqli_stmt_free_result
[579] => mysqli_stmt_get_warnings
[580] => mysqli_stmt_init
[581] => mysqli_stmt_insert_id
[582] => mysqli_stmt_num_rows
[583] => mysqli_stmt_param_count
[584] => mysqli_stmt_prepare
[585] => mysqli_stmt_reset
[586] => mysqli_stmt_result_metadata
[587] => mysqli_stmt_send_long_data
[588] => mysqli_stmt_store_result
[589] => mysqli_stmt_sqlstate
[590] => mysqli_sqlstate
[591] => mysqli_ssl_set
[592] => mysqli_stat
[593] => mysqli_store_result
[594] => mysqli_thread_id
[595] => mysqli_thread_safe
[596] => mysqli_use_result
[597] => mysqli_warning_count
[598] => mysqli_refresh
[599] => mysqli_escape_string
[600] => mysqli_set_opt
[601] => pdo_drivers
[602] => posix_kill
[603] => posix_getpid
[604] => posix_getppid
[605] => posix_getuid
[606] => posix_setuid
[607] => posix_geteuid
[608] => posix_seteuid
[609] => posix_getgid
[610] => posix_setgid
[611] => posix_getegid
[612] => posix_setegid
[613] => posix_getgroups
[614] => posix_getlogin
[615] => posix_getpgrp
[616] => posix_setsid
[617] => posix_setpgid
[618] => posix_getpgid
[619] => posix_getsid
[620] => posix_uname
[621] => posix_times
[622] => posix_ctermid
[623] => posix_ttyname
[624] => posix_isatty
[625] => posix_getcwd
[626] => posix_mkfifo
[627] => posix_mknod
[628] => posix_access
[629] => posix_getgrnam
[630] => posix_getgrgid
[631] => posix_getpwnam
[632] => posix_getpwuid
[633] => posix_getrlimit
[634] => posix_get_last_error
[635] => posix_errno
[636] => posix_strerror
[637] => posix_initgroups
[638] => session_name
[639] => session_module_name
[640] => session_save_path
[641] => session_id
[642] => session_regenerate_id
[643] => session_decode
[644] => session_encode
[645] => session_start
[646] => session_destroy
[647] => session_unset
[648] => session_set_save_handler
[649] => session_cache_limiter
[650] => session_cache_expire
[651] => session_set_cookie_params
[652] => session_get_cookie_params
[653] => session_write_close
[654] => session_status
[655] => session_register_shutdown
[656] => session_commit
[657] => simplexml_load_file
[658] => simplexml_load_string
[659] => simplexml_import_dom
[660] => use_soap_error_handler
[661] => is_soap_fault
[662] => socket_select
[663] => socket_create
[664] => socket_create_listen
[665] => socket_create_pair
[666] => socket_accept
[667] => socket_set_nonblock
[668] => socket_set_block
[669] => socket_listen
[670] => socket_close
[671] => socket_write
[672] => socket_read
[673] => socket_getsockname
[674] => socket_getpeername
[675] => socket_connect
[676] => socket_strerror
[677] => socket_bind
[678] => socket_recv
[679] => socket_send
[680] => socket_recvfrom
[681] => socket_sendto
[682] => socket_get_option
[683] => socket_set_option
[684] => socket_shutdown
[685] => socket_last_error
[686] => socket_clear_error
[687] => socket_import_stream
[688] => socket_getopt
[689] => socket_setopt
[690] => spl_classes
[691] => spl_autoload
[692] => spl_autoload_extensions
[693] => spl_autoload_register
[694] => spl_autoload_unregister
[695] => spl_autoload_functions
[696] => spl_autoload_call
[697] => class_parents
[698] => class_implements
[699] => class_uses
[700] => spl_object_hash
[701] => iterator_to_array
[702] => iterator_count
[703] => iterator_apply
[704] => constant
[705] => bin2hex
[706] => hex2bin
[707] => sleep
[708] => usleep
[709] => time_nanosleep
[710] => time_sleep_until
[711] => strptime
[712] => flush
[713] => wordwrap
[714] => htmlspecialchars
[715] => htmlentities
[716] => html_entity_decode
[717] => htmlspecialchars_decode
[718] => get_html_translation_table
[719] => sha1
[720] => sha1_file
[721] => md5
[722] => md5_file
[723] => crc32
[724] => iptcparse
[725] => iptcembed
[726] => getimagesize
[727] => getimagesizefromstring
[728] => image_type_to_mime_type
[729] => image_type_to_extension
[730] => phpinfo
[731] => phpversion
[732] => phpcredits
[733] => php_logo_guid
[734] => php_real_logo_guid
[735] => php_egg_logo_guid
[736] => zend_logo_guid
[737] => php_sapi_name
[738] => php_uname
[739] => php_ini_scanned_files
[740] => php_ini_loaded_file
[741] => strnatcmp
[742] => strnatcasecmp
[743] => substr_count
[744] => strspn
[745] => strcspn
[746] => strtok
[747] => strtoupper
[748] => strtolower
[749] => strpos
[750] => stripos
[751] => strrpos
[752] => strripos
[753] => strrev
[754] => hebrev
[755] => hebrevc
[756] => nl2br
[757] => basename
[758] => dirname
[759] => pathinfo
[760] => stripslashes
[761] => stripcslashes
[762] => strstr
[763] => stristr
[764] => strrchr
[765] => str_shuffle
[766] => str_word_count
[767] => str_split
[768] => strpbrk
[769] => substr_compare
[770] => strcoll
[771] => money_format
[772] => substr
[773] => substr_replace
[774] => quotemeta
[775] => ucfirst
[776] => lcfirst
[777] => ucwords
[778] => strtr
[779] => addslashes
[780] => addcslashes
[781] => rtrim
[782] => str_replace
[783] => str_ireplace
[784] => str_repeat
[785] => count_chars
[786] => chunk_split
[787] => trim
[788] => ltrim
[789] => strip_tags
[790] => similar_text
[791] => explode
[792] => implode
[793] => join
[794] => setlocale
[795] => localeconv
[796] => nl_langinfo
[797] => soundex
[798] => levenshtein
[799] => chr
[800] => ord
[801] => parse_str
[802] => str_getcsv
[803] => str_pad
[804] => chop
[805] => strchr
[806] => sprintf
[807] => printf
[808] => vprintf
[809] => vsprintf
[810] => fprintf
[811] => vfprintf
[812] => sscanf
[813] => fscanf
[814] => parse_url
[815] => urlencode
[816] => urldecode
[817] => rawurlencode
[818] => rawurldecode
[819] => http_build_query
[820] => readlink
[821] => linkinfo
[822] => symlink
[823] => link
[824] => unlink
[825] => exec
[826] => system
[827] => escapeshellcmd
[828] => escapeshellarg
[829] => passthru
[830] => shell_exec
[831] => proc_open
[832] => proc_close
[833] => proc_terminate
[834] => proc_get_status
[835] => proc_nice
[836] => rand
[837] => srand
[838] => getrandmax
[839] => mt_rand
[840] => mt_srand
[841] => mt_getrandmax
[842] => getservbyname
[843] => getservbyport
[844] => getprotobyname
[845] => getprotobynumber
[846] => getmyuid
[847] => getmygid
[848] => getmypid
[849] => getmyinode
[850] => getlastmod
[851] => base64_decode
[852] => base64_encode
[853] => convert_uuencode
[854] => convert_uudecode
[855] => abs
[856] => ceil
[857] => floor
[858] => round
[859] => sin
[860] => cos
[861] => tan
[862] => asin
[863] => acos
[864] => atan
[865] => atanh
[866] => atan2
[867] => sinh
[868] => cosh
[869] => tanh
[870] => asinh
[871] => acosh
[872] => expm1
[873] => log1p
[874] => pi
[875] => is_finite
[876] => is_nan
[877] => is_infinite
[878] => pow
[879] => exp
[880] => log
[881] => log10
[882] => sqrt
[883] => hypot
[884] => deg2rad
[885] => rad2deg
[886] => bindec
[887] => hexdec
[888] => octdec
[889] => decbin
[890] => decoct
[891] => dechex
[892] => base_convert
[893] => number_format
[894] => fmod
[895] => inet_ntop
[896] => inet_pton
[897] => ip2long
[898] => long2ip
[899] => getenv
[900] => putenv
[901] => getopt
[902] => sys_getloadavg
[903] => microtime
[904] => gettimeofday
[905] => getrusage
[906] => uniqid
[907] => quoted_printable_decode
[908] => quoted_printable_encode
[909] => convert_cyr_string
[910] => get_current_user
[911] => set_time_limit
[912] => header_register_callback
[913] => get_cfg_var
[914] => magic_quotes_runtime
[915] => set_magic_quotes_runtime
[916] => get_magic_quotes_gpc
[917] => get_magic_quotes_runtime
[918] => error_log
[919] => error_get_last
[920] => call_user_func
[921] => call_user_func_array
[922] => call_user_method
[923] => call_user_method_array
[924] => forward_static_call
[925] => forward_static_call_array
[926] => serialize
[927] => unserialize
[928] => var_dump
[929] => var_export
[930] => debug_zval_dump
[931] => print_r
[932] => memory_get_usage
[933] => memory_get_peak_usage
[934] => register_shutdown_function
[935] => register_tick_function
[936] => unregister_tick_function
[937] => highlight_file
[938] => show_source
[939] => highlight_string
[940] => php_strip_whitespace
[941] => ini_get
[942] => ini_get_all
[943] => ini_set
[944] => ini_alter
[945] => ini_restore
[946] => get_include_path
[947] => set_include_path
[948] => restore_include_path
[949] => setcookie
[950] => setrawcookie
[951] => header
[952] => header_remove
[953] => headers_sent
[954] => headers_list
[955] => http_response_code
[956] => connection_aborted
[957] => connection_status
[958] => ignore_user_abort
[959] => parse_ini_file
[960] => parse_ini_string
[961] => is_uploaded_file
[962] => move_uploaded_file
[963] => gethostbyaddr
[964] => gethostbyname
[965] => gethostbynamel
[966] => gethostname
[967] => intval
[968] => floatval
[969] => doubleval
[970] => strval
[971] => gettype
[972] => settype
[973] => is_null
[974] => is_resource
[975] => is_bool
[976] => is_long
[977] => is_float
[978] => is_int
[979] => is_integer
[980] => is_double
[981] => is_real
[982] => is_numeric
[983] => is_string
[984] => is_array
[985] => is_object
[986] => is_scalar
[987] => is_callable
[988] => pclose
[989] => popen
[990] => readfile
[991] => rewind
[992] => rmdir
[993] => umask
[994] => fclose
[995] => feof
[996] => fgetc
[997] => fgets
[998] => fgetss
[999] => fread
[1000] => fopen
[1001] => fpassthru
[1002] => ftruncate
[1003] => fstat
[1004] => fseek
[1005] => ftell
[1006] => fflush
[1007] => fwrite
[1008] => fputs
[1009] => mkdir
[1010] => rename
[1011] => copy
[1012] => tempnam
[1013] => tmpfile
[1014] => file
[1015] => file_get_contents
[1016] => file_put_contents
[1017] => stream_select
[1018] => stream_context_create
[1019] => stream_context_set_params
[1020] => stream_context_get_params
[1021] => stream_context_set_option
[1022] => stream_context_get_options
[1023] => stream_context_get_default
[1024] => stream_context_set_default
[1025] => stream_filter_prepend
[1026] => stream_filter_append
[1027] => stream_filter_remove
[1028] => stream_socket_client
[1029] => stream_socket_server
[1030] => stream_socket_accept
[1031] => stream_socket_get_name
[1032] => stream_socket_recvfrom
[1033] => stream_socket_sendto
[1034] => stream_socket_enable_crypto
[1035] => stream_socket_shutdown
[1036] => stream_socket_pair
[1037] => stream_copy_to_stream
[1038] => stream_get_contents
[1039] => stream_supports_lock
[1040] => fgetcsv
[1041] => fputcsv
[1042] => flock
[1043] => get_meta_tags
[1044] => stream_set_read_buffer
[1045] => stream_set_write_buffer
[1046] => set_file_buffer
[1047] => stream_set_chunk_size
[1048] => set_socket_blocking
[1049] => stream_set_blocking
[1050] => socket_set_blocking
[1051] => stream_get_meta_data
[1052] => stream_get_line
[1053] => stream_wrapper_register
[1054] => stream_register_wrapper
[1055] => stream_wrapper_unregister
[1056] => stream_wrapper_restore
[1057] => stream_get_wrappers
[1058] => stream_get_transports
[1059] => stream_resolve_include_path
[1060] => stream_is_local
[1061] => get_headers
[1062] => stream_set_timeout
[1063] => socket_set_timeout
[1064] => socket_get_status
[1065] => realpath
[1066] => fsockopen
[1067] => pfsockopen
[1068] => pack
[1069] => unpack
[1070] => get_browser
[1071] => crypt
[1072] => opendir
[1073] => closedir
[1074] => chdir
[1075] => getcwd
[1076] => rewinddir
[1077] => readdir
[1078] => dir
[1079] => scandir
[1080] => glob
[1081] => fileatime
[1082] => filectime
[1083] => filegroup
[1084] => fileinode
[1085] => filemtime
[1086] => fileowner
[1087] => fileperms
[1088] => filesize
[1089] => filetype
[1090] => file_exists
[1091] => is_writable
[1092] => is_writeable
[1093] => is_readable
[1094] => is_executable
[1095] => is_file
[1096] => is_dir
[1097] => is_link
[1098] => stat
[1099] => lstat
[1100] => chown
[1101] => chgrp
[1102] => lchown
[1103] => lchgrp
[1104] => chmod
[1105] => touch
[1106] => clearstatcache
[1107] => disk_total_space
[1108] => disk_free_space
[1109] => diskfreespace
[1110] => realpath_cache_size
[1111] => realpath_cache_get
[1112] => mail
[1113] => ezmlm_hash
[1114] => openlog
[1115] => syslog
[1116] => closelog
[1117] => lcg_value
[1118] => metaphone
[1119] => ob_start
[1120] => ob_flush
[1121] => ob_clean
[1122] => ob_end_flush
[1123] => ob_end_clean
[1124] => ob_get_flush
[1125] => ob_get_clean
[1126] => ob_get_length
[1127] => ob_get_level
[1128] => ob_get_status
[1129] => ob_get_contents
[1130] => ob_implicit_flush
[1131] => ob_list_handlers
[1132] => ksort
[1133] => krsort
[1134] => natsort
[1135] => natcasesort
[1136] => asort
[1137] => arsort
[1138] => sort
[1139] => rsort
[1140] => usort
[1141] => uasort
[1142] => uksort
[1143] => shuffle
[1144] => array_walk
[1145] => array_walk_recursive
[1146] => count
[1147] => end
[1148] => prev
[1149] => next
[1150] => reset
[1151] => current
[1152] => key
[1153] => min
[1154] => max
[1155] => in_array
[1156] => array_search
[1157] => extract
[1158] => compact
[1159] => array_fill
[1160] => array_fill_keys
[1161] => range
[1162] => array_multisort
[1163] => array_push
[1164] => array_pop
[1165] => array_shift
[1166] => array_unshift
[1167] => array_splice
[1168] => array_slice
[1169] => array_merge
[1170] => array_merge_recursive
[1171] => array_replace
[1172] => array_replace_recursive
[1173] => array_keys
[1174] => array_values
[1175] => array_count_values
[1176] => array_reverse
[1177] => array_reduce
[1178] => array_pad
[1179] => array_flip
[1180] => array_change_key_case
[1181] => array_rand
[1182] => array_unique
[1183] => array_intersect
[1184] => array_intersect_key
[1185] => array_intersect_ukey
[1186] => array_uintersect
[1187] => array_intersect_assoc
[1188] => array_uintersect_assoc
[1189] => array_intersect_uassoc
[1190] => array_uintersect_uassoc
[1191] => array_diff
[1192] => array_diff_key
[1193] => array_diff_ukey
[1194] => array_udiff
[1195] => array_diff_assoc
[1196] => array_udiff_assoc
[1197] => array_diff_uassoc
[1198] => array_udiff_uassoc
[1199] => array_sum
[1200] => array_product
[1201] => array_filter
[1202] => array_map
[1203] => array_chunk
[1204] => array_combine
[1205] => array_key_exists
[1206] => pos
[1207] => sizeof
[1208] => key_exists
[1209] => assert
[1210] => assert_options
[1211] => version_compare
[1212] => ftok
[1213] => str_rot13
[1214] => stream_get_filters
[1215] => stream_filter_register
[1216] => stream_bucket_make_writeable
[1217] => stream_bucket_prepend
[1218] => stream_bucket_append
[1219] => stream_bucket_new
[1220] => output_add_rewrite_var
[1221] => output_reset_rewrite_vars
[1222] => sys_get_temp_dir
[1223] => token_get_all
[1224] => token_name
[1225] => xml_parser_create
[1226] => xml_parser_create_ns
[1227] => xml_set_object
[1228] => xml_set_element_handler
[1229] => xml_set_character_data_handler
[1230] => xml_set_processing_instruction_handler
[1231] => xml_set_default_handler
[1232] => xml_set_unparsed_entity_decl_handler
[1233] => xml_set_notation_decl_handler
[1234] => xml_set_external_entity_ref_handler
[1235] => xml_set_start_namespace_decl_handler
[1236] => xml_set_end_namespace_decl_handler
[1237] => xml_parse
[1238] => xml_parse_into_struct
[1239] => xml_get_error_code
[1240] => xml_error_string
[1241] => xml_get_current_line_number
[1242] => xml_get_current_column_number
[1243] => xml_get_current_byte_index
[1244] => xml_parser_free
[1245] => xml_parser_set_option
[1246] => xml_parser_get_option
[1247] => utf8_encode
[1248] => utf8_decode
[1249] => xmlwriter_open_uri
[1250] => xmlwriter_open_memory
[1251] => xmlwriter_set_indent
[1252] => xmlwriter_set_indent_string
[1253] => xmlwriter_start_comment
[1254] => xmlwriter_end_comment
[1255] => xmlwriter_start_attribute
[1256] => xmlwriter_end_attribute
[1257] => xmlwriter_write_attribute
[1258] => xmlwriter_start_attribute_ns
[1259] => xmlwriter_write_attribute_ns
[1260] => xmlwriter_start_element
[1261] => xmlwriter_end_element
[1262] => xmlwriter_full_end_element
[1263] => xmlwriter_start_element_ns
[1264] => xmlwriter_write_element
[1265] => xmlwriter_write_element_ns
[1266] => xmlwriter_start_pi
[1267] => xmlwriter_end_pi
[1268] => xmlwriter_write_pi
[1269] => xmlwriter_start_cdata
[1270] => xmlwriter_end_cdata
[1271] => xmlwriter_write_cdata
[1272] => xmlwriter_text
[1273] => xmlwriter_write_raw
[1274] => xmlwriter_start_document
[1275] => xmlwriter_end_document
[1276] => xmlwriter_write_comment
[1277] => xmlwriter_start_dtd
[1278] => xmlwriter_end_dtd
[1279] => xmlwriter_write_dtd
[1280] => xmlwriter_start_dtd_element
[1281] => xmlwriter_end_dtd_element
[1282] => xmlwriter_write_dtd_element
[1283] => xmlwriter_start_dtd_attlist
[1284] => xmlwriter_end_dtd_attlist
[1285] => xmlwriter_write_dtd_attlist
[1286] => xmlwriter_start_dtd_entity
[1287] => xmlwriter_end_dtd_entity
[1288] => xmlwriter_write_dtd_entity
[1289] => xmlwriter_output_memory
[1290] => xmlwriter_flush
[1291] => zip_open
[1292] => zip_close
[1293] => zip_read
[1294] => zip_entry_open
[1295] => zip_entry_close
[1296] => zip_entry_read
[1297] => zip_entry_filesize
[1298] => zip_entry_name
[1299] => zip_entry_compressedsize
[1300] => zip_entry_compressionmethod
[1301] => apache_child_terminate
[1302] => apache_request_headers
[1303] => apache_response_headers
[1304] => getallheaders
)
[user] => Array
(
)
) |
Export: JSON TEXT XML |
Exploit Code: |
Screen Shots: |
Notes: 98151 |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory