Hi everybody, I discovered a critical vulnerability in Jappix, allowing anyone to upload arbitrary files with an arbitrary filename to arbitrary locations. This means: Upload a php script, upload a .htaccess file to allow execution -> instant shell access.
The Jappix devs promptly released a fix (thanks!), so if you run a Jappix installation, upgrade to Version 1.1.5 *right now*. I'm not 100% certain the issue is really completely fixed; if you are a PHP expert, please contact me if you have time to further analyze the issue.

Note that we've been exploited as far back as February. This is a zero-day issue that is known to have been in use since then. If you want to know if you're affected, look for suspicious-looking PHP scripts in e.g. tmp/ of your Jappix installation. But of course, anywhere the webserver had write access to might be possible.

greetings, Mati

--
twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected]
I only read plain-text mail!
I prefer signed/encrypted mail!
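A check for the indicators the message names (PHP scripts and an uploaded .htaccess under a web-writable directory such as tmp/), as an added example that is not part of the original message or of Jappix. It goes slightly beyond the message by also flagging files of any extension that contain a PHP open tag; the function name and the directory argument are assumptions, and the output is a list of candidates for manual review.

```shell
#!/bin/sh
# Added example: list files that deserve manual review in a directory the
# web server can write to (for instance tmp/ of a Jappix installation).
# scan_upload_dir is a hypothetical helper name, not part of Jappix.

scan_upload_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    {
        # 1. Script-like file names and per-directory Apache overrides.
        #    Upload and cache directories normally hold data, not code.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' \
            -o -name '.htaccess' \) -print

        # 2. Files of any extension that contain a PHP open tag. An uploaded
        #    .htaccess can change which extensions are executed, so the file
        #    name alone is not a reliable filter.
        find "$dir" -type f -exec grep -lF -e '<?php' -e '<?=' {} +
    } | sort -u    # a file matched by both rules is reported once
}

# Command-line use: sh scan.sh /path/to/jappix/tmp
# (the path is an assumption; pass every directory the web server can write to)
if [ "$#" -gt 0 ]; then
    scan_upload_dir "$1"
fi
```

Compare each reported file against a clean copy of the release you installed, and check its modification time against the February date mentioned in the message.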
