PHPDig Config.PHP Include Remote Command Execution Vulnerability

Solution:
A solution has been posted to PHPDig that deals with this issue:

!!! ADD THIS TO THE TOP OF THE CONFIG.PHP FILE NOW !!!

PHP:
--------------------------------------------------------------------------------

// prevent remote command execution
if ((isset($relative_script_path)) &&
    ($relative_script_path != ".") &&
    ($relative_script_path != "..")) {
    exit();
}

// prevent requests for config.php
if (eregi("config.php", $_SERVER['SCRIPT_FILENAME']) ||
    eregi("config.php", $_SERVER['REQUEST_URI'])) {
    exit();
}

--------------------------------------------------------------------------------
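
The same two guards written for PHP 7 and later, where eregi() has been removed, as an added example that is not PhpDig's code. The function names and the sample paths are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not PhpDig's.

// Guard 1: the variable may be unset, ".", or ".." and nothing else.
function relative_path_allowed($value): bool
{
    return $value === null || $value === '.' || $value === '..';
}

// Guard 2: true when the request targets config.php directly.
// stripos() matches the literal name case-insensitively; in the eregi()
// pattern the "." was a regex wildcard, so this match is narrower.
function targets_config(string $scriptFilename, string $requestUri): bool
{
    return stripos($scriptFilename, 'config.php') !== false
        || stripos($requestUri, 'config.php') !== false;
}

// Returns true when config.php should stop with exit().
function should_block($relativePath, string $scriptFilename, string $requestUri): bool
{
    return !relative_path_allowed($relativePath)
        || targets_config($scriptFilename, $requestUri);
}

// Constructed sample requests (paths are made up for the demonstration).
$samples = [
    'unset, normal page' => [null, '/srv/www/site/search.php', '/site/search.php'],
    'dot'                => ['.', '/srv/www/site/search.php', '/site/search.php'],
    'dot-dot'            => ['..', '/srv/www/site/admin/index.php', '/site/admin/index.php'],
    'any other value'    => ['some/other/value', '/srv/www/site/search.php', '/site/search.php'],
    'direct config.php'  => [null, '/srv/www/site/config.php', '/site/config.php'],
    'mixed-case request' => [null, '/srv/www/site/search.php', '/site/CONFIG.PHP'],
];

foreach ($samples as $label => [$path, $script, $uri]) {
    printf("%-20s %s\n", $label, should_block($path, $script, $uri) ? 'block' : 'allow');
}
```

At the top of config.php the check would read the variable as `$relative_script_path ?? null` and call exit() when should_block() returns true.
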

Please see reference section for more details.

A patched version has been provided for this issue.


PhpDig PhpDig 1.6.5


 

Copyright 2010, SecurityFocus