https://bz.apache.org/bugzilla/show_bug.cgi?id=58314

            Bug ID: 58314
           Summary: Defaultly Execute "phtml" As "php" Package
                    "apache2-mpm-prefork package"
           Product: Apache httpd-2
           Version: 2.2.22
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 33057
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33057&action=edit
POC For Apache 2.2.22 Executing "phtml" as "php"

Hello Apache Security Team.

I just observed an issue when one of my Arbitrary File Upload vulnerabilities
got fixed.

Here I am explaining a scenario to you.

Many developers prevent File Upload vulnerabilities by blocking "['php',
'php3', 'php4', 'inc']", so most developers do the same for their applications
to prevent this.
But the better solution is to also include these extensions: "php5,pht,phtml".

Observation: I have now observed that most Debian Linux systems which have the
"apache2-mpm-prefork package" package for their Apache service are set by
default to execute "phtml" as "php", which looks dangerous because most
developers only use "php,php3,php4,inc".
So if any developer misses adding "phtml" to the file upload blacklist, and if
the Debian Linux system which has the "apache2-mpm-prefork package" package is
set to execute "phtml" as "php" by default, then the whole server can be
compromised by the attacker.

For the POC I have attached the latest Kali Linux 2.0, which allows the user to
execute "phtml" as "php" by default.

I have tested this latest Kali Linux 2.0 version, which is running Apache
2.2.22.

Waiting for your reply.

-- 
You are receiving this mail because:
You are the assignee for the bug.
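
An added example, not part of the original report and not Apache or Debian code: a small audit that reads Apache handler directives and lists the extensions the server runs as PHP that an upload blocklist does not cover. The sample configuration is constructed for illustration, and the names `php_matchers` and `blocklist_gaps` are hypothetical.

```python
import re

PHP_HANDLERS = {"application/x-httpd-php"}  # handler/type meaning "run as PHP"

# Constructed sample config (assumption: shaped like a typical PHP handler
# snippet; not copied from the report or from any specific package).
SAMPLE_CONF = r'''
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
AddHandler cgi-script .cgi
'''

def php_matchers(conf):
    """Return predicates telling whether a file name is handed to PHP."""
    matchers, current = [], None
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r'<FilesMatch\s+"?(.+?)"?>$', line, re.I)
        if m:
            current = re.compile(m.group(1))   # regex of the open block
        elif line.lower().startswith("</filesmatch"):
            current = None
        else:
            parts = line.split()
            if len(parts) < 2:
                continue
            directive = parts[0].lower()
            if directive == "sethandler" and current and parts[1] in PHP_HANDLERS:
                matchers.append(current.search)
            elif directive in ("addhandler", "addtype") and parts[1] in PHP_HANDLERS:
                exts = {e.lstrip(".").lower() for e in parts[2:]}
                matchers.append(
                    lambda name, exts=exts: name.rsplit(".", 1)[-1].lower() in exts)
    return matchers

def blocklist_gaps(conf, blocklist, candidates):
    """Extensions the server runs as PHP that the blocklist does not cover."""
    matchers = php_matchers(conf)
    executed = {e for e in candidates if any(m(f"upload.{e}") for m in matchers)}
    return sorted(executed - {b.lower() for b in blocklist})

if __name__ == "__main__":
    blocklist = ["php", "php3", "php4", "inc"]         # list quoted in the report
    candidates = blocklist + ["php5", "pht", "phtml"]  # extensions the report names
    print(blocklist_gaps(SAMPLE_CONF, blocklist, candidates))
```

Running the same check against the server's real configuration files shows whether an extension blocklist matches what the server executes; storing uploads outside any directory with a PHP handler removes the dependency on the list altogether.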
