Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability
The Exploit with Bugtraq ID: 17909 has been researched by the developers of the
ISPConfig webhosting controlpanel. The result is that no ISPConfig 2.2.2
installation is vulnerable to this reported exploit.
Explanation:
1) The exploit expects a file (session.inc.php) to be in the webroot, but it is
not installed in the webroot in any ISPConfig installation and therefore
protected against direct calls or attacks.
2) The exploit expects register_globals set to on in the ISPConfig PHP.
register_globals is off in all ISPConfig versions in the Apache on port 81.
The Vulnerability has already been discussed by the ISPConfig developers on the
7th. May, 2 days before the bugtraq posting.
For a detailed explanation and discussion, please have a look here:
http://www.howtoforge.com/forums/showthread.php?t=4123
ISPConfig 2.2.3 is not vulnerable to the exploit too and there has been
additional coded added that prevents these type of attacks in case someone uses
the ISPConfig files in third party projects that do not use the files outside
the web root directory.