[UNIX] PhpMyExplorer Vulnerable to Directory Traversal
From: support@securiteam.comDate: 09/03/01
- Previous message: Beyond Security Support: "Administrivia - Virus warnings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] PhpMyExplorer Vulnerable to Directory Traversal Message-Id: <20010903050734.6AA45138C0@mail.der-keiler.de> Date: Mon, 3 Sep 2001 07:07:34 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
PhpMyExplorer Vulnerable to Directory Traversal
------------------------------------------------------------------------
SUMMARY
<http://elegac.free.fr/commun/index.php3?stats=true&langue=uk>
PhpMyExplorer is a PHP application that allows you to easily update your
site online without any FTP access. A security vulnerability in the
product allows attackers to view and read files that reside outside the
normal bound directory.
DETAILS
Vulnerable systems:
PhpMyExplorer 1.2.1 and prior
Exploit:
Using a URL such as:
/index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2Fetc
Any user can browse the /etc/ directory and view any files the web server
has read access to.
Workaround:
To lock PhpMyExplorer:
If you do not limit the access of PhpMyExplorer, this application becomes
a true hole of security. Indeed, any person who takes note of the presence
of this application on your site can modify the contents or even erase the
totality of your site. In order to avoid that, it is necessary to use the
files access limitation of your Web server. For example, the following
explains how to make access limitation for Apache web server.
You must create the following three files (in text format):
* .htaccess file in the directory of the application to limit the access
to this directory,
* a password file in the secret directory,
* .htaccess file in the same directory as the password file to limit
access to this file.
Contents of the .htaccess file in the application directory:
AuthUserFile /secret/password
AuthName "Access restraint"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
The password file is composed of the list of users and their encrypted
password with the UNIX encoding.
login1:password_crypted
login2:password_crypted
login3:password_crypted
Contents of the .htaccess:
deny from all
Vendor status:
Vendor has been contacted, but no response has been received.
ADDITIONAL INFORMATION
The information has been provided by <mailto:bford@erisksecurity.com> Ben
Ford.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: Beyond Security Support: "Administrivia - Virus warnings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
