Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability
From: t.brehm@xxxxxxxxxxxxx
Date: 16 Jun 2006 10:05:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The Exploit with Bugtraq ID: 17909 has been researched by the developers of the 
ISPConfig webhosting controlpanel. The result is that no ISPConfig 2.2.2 
installation is vulnerable to this reported exploit.

Explanation:

1) The exploit expects a file (session.inc.php) to be in the webroot, but it is 
not installed in the webroot in any ISPConfig installation and therefore 
protected against direct calls or attacks.

2) The exploit expects register_globals set to on in the ISPConfig PHP. 
register_globals is off in all ISPConfig versions in the Apache on port 81.

The Vulnerability has already been discussed by the ISPConfig developers on the 
7th. May, 2 days before the bugtraq posting.

For a detailed explanation and discussion, please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=4123


ISPConfig 2.2.3 is not vulnerable to the exploit too and there has been 
additional coded added that prevents these type of attacks in case someone uses 
the ISPConfig files in third party projects that do not use the files outside 
the web root directory.

Prev by Date: PHP security (or the lack thereof)
Next by Date: Youtube.com - XSS & cookie disclosure
Previous by thread: Re: Re: PHP security (or the lack thereof)
Next by thread: Youtube.com - XSS & cookie disclosure
Index(es):
- Date
- Thread