Text :  

eAccelerator encoder files backup Vulnerability

1.Description

eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic
content cache. It increases the performance of PHP scripts by caching them
in their compiled state, so that the overhead of compiling is almost
completely eliminated. It also optimizes scripts to speed up their
execution. eAccelerator typically reduces server load and increases the
speed of your PHP code by 1-10 times.

2. The Vulnerability

eAccelerator has a function which encode php source in encoder.php.

You can backup all system files to specify directory or specify files.Of
course you can upload image to Web Server and backup it to the web
directory

so you can ...........

3.II. Disclosure Timeline

2009/06/29 Vendor contact.

2009/06/30 Public Disclosure.

4. Thanks

all of Whitehat Community's friend && Great Milw0rm!

2009/06/30 by cnbird

Sorry my bad english!

  References :  

http://seclists.org/bugtraq/2009/Jul/0009.html