| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Apr 2007 11:50:19 -0500 (CDT) From: Gadi Evron <ge@...uxbox.org> To: rurban@...ay.at Cc: bugtraq@...urityfocus.com Subject: Re: Critical phpwiki c99shell exploit On 12 Apr 2007 rurban@...ay.at wrote: > Via the Phpwiki 1.3.x UpLoad feature some hackers from russia uploaded a php3 or php4 file, > install a backdoor at port 8081 and have access to your whole disc and overtake the server. > > A url in the file is http://ccteam.ru/releases/c99shell > > The uploaded file has a php, php3 or php4 extension and looks like a gif to the mime magic. > So apache usually accepts it. > > To fix this phpwiki issue at first move the lib/plugin/UpLoad.php file out of this directory. > > You can fix it by adding those two lines to your list of disallowed extensions: > php3 > php4 > Currently only "php" is disallowed. > This is a good best practice, but it doesn't hold water long range. Further, where do you disallow these extensions? In the application? Mostly what the bad guys would do is upload, say.. .jpg, and then rename it. Gadi.
Powered by blists - more mailing lists