BugTraq
Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability Jun 16 2006 10:05AM
t brehm ispconfig org
The Exploit with Bugtraq ID: 17909 has been researched by the developers of the ISPConfig webhosting controlpanel. The result is that no ISPConfig 2.2.2 installation is vulnerable to this reported exploit.

Explanation:

1) The exploit expects a file (session.inc.php) to be in the webroot, but it is not installed in the webroot in any ISPConfig installation and therefore protected against direct calls or attacks.

2) The exploit expects register_globals set to on in the ISPConfig PHP. register_globals is off in all ISPConfig versions in the Apache on port 81.

The Vulnerability has already been discussed by the ISPConfig developers on the 7th. May, 2 days before the bugtraq posting.

For a detailed explanation and discussion, please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=4123

ISPConfig 2.2.3 is not vulnerable to the exploit too and there has been additional coded added that prevents these type of attacks in case someone uses the ISPConfig files in third party projects that do not use the files outside the web root directory.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus