httpd-dev mailing list archives

From sameer <sam...@c2.net>
Subject Re: [Fwd: Fwd: Update on PHP/FI hole]
Date Fri, 18 Apr 1997 18:16:55 GMT
	I just tested this on the c2 website and it doesn't seem to
apply when you are using the module.

> Anyone else seen this? Rasmus?
> -- 
> chuck
> Chuck Murcko
> The Topsail Group, West Chester PA USA
> chuck@topsail.org

-- Start of included mail.
> Date: Thu, 17 Apr 1997 10:22:24 -0400
> To: Chuck Murcko <chuck@topsail.org>
> Subject: Fwd: Update on PHP/FI hole

-- Start of included mail.
> Approved-By: aleph1@UNDERGROUND.ORG
> Sender: Bugtraq List <BUGTRAQ@netspace.org>
> Reply-To: Shamanski <jshaman@m-net.arbornet.org>
> To: BUGTRAQ@netspace.org
> Subject:      Update on PHP/FI hole
> Date:   Wed, 16 Apr 1997 21:01:12 -0400

> ============================================================================
> [DiS] Advisory 97-347.1
> Issue date: April 16, 1997
> Topic:  REMOTE Vulnerability in PHP/FI
> ----------------------------------------------------------------------------
> 
> A vulnerability has been found by DiS in PHP/FI, an NCSA httpd cgi enhancement.
> This vulnerability allows unauthorized users to view arbitrary file contents
> on the machine running httpd by sending the file name wishing to be displayed
> as the QUERY_STRING.
> 
> I. Exploit
> 
>    Simply use any web browser to send the following URL:
> 
>    http://boogered.system.com/cgi-bin/php.cgi?/file/to/view
> 
>    Note: this exploit has not been tested on a system that has compiled
>          PHP/FI as an apache module. This information may or may not
>          be applicable on such a system.
> 
> II. Impact
> 
>     Remote, unauthorized users can view arbitrary file contents on the
>     system with the same privileges as the httpd (HTTP daemon) child process.
> 
> 
> III. Solution
> 
>     The author has proposed the following solution:
> 
> >> ...The workaround is to set the following in php.h
> >>
> >> #define PATTERN_RESTRICT ".*\\.phtml$"

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net
http://www.c2.net/				sameer@c2.net
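
The `PATTERN_RESTRICT` workaround quoted in the advisory above, as an added example that is not part of the original messages or of PHP/FI's own code. It assumes the pattern is applied as a POSIX regular expression to the requested file name; `path_allowed` and the sample paths are hypothetical and constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>

/* The value quoted in the advisory's workaround. In C source the doubled
   backslash yields the regex  .*\.phtml$  (a literal dot before "phtml"). */
#define PATTERN_RESTRICT ".*\\.phtml$"

/* Hypothetical helper (assumption: the pattern is matched against the
   requested file name). Returns 1 on match, 0 on no match, and -1 if the
   pattern does not compile, which a caller should treat as deny. */
int path_allowed(const char *pattern, const char *path)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, path, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *samples[] = {
        "/file/to/view",
        "/etc/passwd",
        "/home/www/index.phtml",
        "/home/www/index.phtml.bak",
        "/home/www/notes_phtml",
    };
    size_t i;

    /* Second column shows what is lost if the dot is left unescaped. */
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s restrict=%d  unescaped-dot=%d\n", samples[i],
               path_allowed(PATTERN_RESTRICT, samples[i]),
               path_allowed(".*.phtml$", samples[i]));
    return 0;
}
```

The pattern constrains only the suffix of the file name, not its directory, so it narrows what the CGI binary will open rather than confining it to the document root.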
