EasyPHP Webserver OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in EasyPHP Webserver version 14.1. This issue arises from an OS command injection flaw that allows unauthenticated attackers to execute arbitrary system commands with administrative privileges. The vulnerability is triggered by injecting malicious payloads into the app_service_control parameter, which is then processed by the application. Exploitation involves sending POST requests to index.php with crafted app_service_control values.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the executed commands running under an administrative context.

Reproduction

To reproduce this vulnerability, send a POST request to 'index.php?zone=settings' with the 'app_service_control' parameter set to a command, such as 'calc.exe'. The injected command will be executed on the server with administrative privileges. This vulnerability can also be exploited using a Python script that automates the process, including the injection of a payload that downloads and executes a reverse shell.
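As an added defender-side example (not part of the advisory, and not EasyPHP code), the following Python flags requests that match the trigger described above: a POST to index.php?zone=settings whose app_service_control value carries shell metacharacters or an executable name rather than a plain service token. The request records are constructed for the demonstration, and the suspicious-token list is an assumption; a real fix is server-side allow-listing of the accepted service names, which the second function shows.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed request records (method, URL, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/index.php?zone=settings", "app_service_control=calc.exe"),
    ("POST", "/index.php?zone=settings", "app_service_control=apache&action=restart"),
    ("GET", "/index.php?zone=settings", ""),
    ("POST", "/index.php?zone=dashboard", "theme=dark"),
]

# Assumed heuristic: a service-control token should never contain shell
# metacharacters, path separators or an executable suffix.
SUSPICIOUS = ("&", "|", ";", "`", "$(", ".exe", ".bat", ".ps1", "\\", "/")

def is_suspicious_value(value):
    v = value.lower()
    return any(tok in v for tok in SUSPICIOUS)

def flag_request(method, url, body):
    """Return a reason string if the request matches the advisory's trigger, else None."""
    parts = urlsplit(url)
    if method != "POST" or not parts.path.endswith("/index.php"):
        return None
    if parse_qs(parts.query).get("zone") != ["settings"]:
        return None
    for v in parse_qs(body).get("app_service_control", []):
        if is_suspicious_value(v):
            return f"app_service_control carries a suspicious value: {v!r}"
    return None

def scan(requests):
    """Run flag_request over a batch and return the hits as (url, body, reason)."""
    hits = []
    for method, url, body in requests:
        reason = flag_request(method, url, body)
        if reason:
            hits.append((url, body, reason))
    return hits

def is_allowed_service_control(value, allowed=("apache", "mysql", "php")):
    """Mitigation pattern: accept only an allow-listed service name, never free text.
    The allow-list here is a placeholder; use the application's real service names."""
    return value in allowed
```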

Added: Dec 18, 2025, 8:26 PM
Updated: Dec 18, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 1.5
threat: 7.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.