RE: Critical phpwiki c99shell exploit

Board: Bugtraq, posted 2007/04/13 06:13
On that note you might as well deny php5 too

--
Ryan Neufeld
IT Systems Manager
it@magpowersystems.com
MagPower Systems Inc.
Ph: (640)940-3232
Fax: (640)940-3233

-----Original Message-----
From: Gadi Evron [mailto:ge@linuxbox.org]
Sent: Thursday, April 12, 2007 9:50 AM
To: rurban@x-ray.at
Cc: bugtraq@securityfocus.com
Subject: Re: Critical phpwiki c99shell exploit

On 12 Apr 2007 rurban@x-ray.at wrote:
> Via the Phpwiki 1.3.x UpLoad feature some hackers from Russia uploaded a php3 or php4 file,
> install a backdoor at port 8081 and have access to your whole disc and overtake the server.
>
> A url in the file is http://ccteam.ru/releases/c99shell
>
> The uploaded file has a php, php3 or php4 extension and looks like a gif to the mime magic.
> So apache usually accepts it.
>
> To fix this phpwiki issue at first move the lib/plugin/UpLoad.php file out of this directory.
>
> You can fix it by adding those two lines to your list of disallowed extensions:
> php3
> php4
> Currently only "php" is disallowed.
>

This is a good best practice, but it doesn't hold water long range.

Further, where do you disallow these extensions? In the application? Mostly
what the bad guys would do is upload, say.. .jpg, and then rename it.

Gadi.
Article code (AID): #167gyd00 (Bugtraq)
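The extension-denylist problem raised in this thread, as an added example that is not part of the original messages and is not PhpWiki code: it compares the denylist from the proposed fix with an allowlist that also replaces the client-supplied name. The function names, the allowed-extension list and the sample file names are assumptions made for illustration.

```php
<?php
// Added example, not PhpWiki code. A denylist (php, php3, php4, php5, ...)
// has to enumerate every executable extension; an allowlist names only the
// file types the wiki intends to store.
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png', 'pdf', 'txt']; // assumed policy

// Denylist check as described in the thread, kept for comparison.
function denylist_accepts(string $name, array $denied): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Returns a server-generated storage name, or null when the upload is rejected.
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory part, whichever separator the client used.
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null; // no extension, dotfile, or several extensions (x.php.gif)
    }
    if (!in_array($parts[1], ALLOWED_EXT, true)) {
        return null; // extension is not on the allowlist
    }
    // Random name: the client-supplied name never reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Constructed file names, for illustration only.
$samples = ['photo.gif', 'notes.txt', 'page.php', 'page.php3', 'page.php5',
            'page.phtml', 'page.php.gif', '.htaccess', 'README'];
// The disallowed list after the fix proposed in the thread.
$threadDenylist = ['php', 'php3', 'php4'];

foreach ($samples as $name) {
    printf("%-14s denylist=%-6s allowlist=%s\n",
        $name,
        denylist_accepts($name, $threadDenylist) ? 'accept' : 'reject',
        safe_upload_name($name) === null ? 'reject' : 'accept');
}
```

A name check does not cover the rename case Gadi describes, so it belongs alongside serving the upload directory without script execution.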