Latest Announcemnent
New thread
Status
Not open for further replies.
NewEraCracker

NewEraCracker

Active Member
1,335
2010
203
10
I've found a problem with the execution of files with unknown extensions.

To see the server is vulnerable upload a file named bug.php.kkk and see if it executes:
Code: 
<?php echo "bugged"; ?>

If you see just "bugged" while executing it, your server IS NOT secured. If you see ALL text (including the php tags) in the browser or in the downloaded file, your server seems to be secure.

This is caused by:

"Files can have more than one extension, and the order of the extensions is normally irrelevant. (...) Care should be taken when a file with multiple extensions gets associated with both a MIME-type and a handler. This will usually result in the request being handled by the module associated with the handler."
See:
Code: 
http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext
http://www.php.net/manual/en/install.windows.apache2.php

How to fix:

Find in configuration:
Code: 
AddHandler application/x-httpd-php .php

Replace with:
Code: 
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

Regards,
NewEraCracker
 
8 comments
try this

Code: 
<FilesMatch "\.(inc|php|php3|php4|php5|php6|phtml|phps)$">
</FilesMatch>
AddType text/html .php

always use suphp. ALWAYS
 
Last edited:
A friend has posted this in cPanel forum. It has instructions to secure apache with SuPHP.
http://forums.cpanel.net/f145/defaut-only-php-handling-227332.html#post934442

I changed to this configuration in a shared server:

/usr/local/apache/conf/php.conf
Code: 
# This file was automatically generated by the Cpanel PHP Configuration system
# If you wish to change the way PHP is being handled by Apache on your system,
# use the /usr/local/cpanel/bin/rebuild_phpconf script or the WHM interface.
#
# Manual edits of this file will be lost when Apache is updated.


# SuPHP configuration for PHP5
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml
#<Directory />
#    suPHP_AddHandler application/x-httpd-php5
#</Directory>
<FilesMatch \.php(|5|4|3|2)$>
    suPHP_AddHandler application/x-httpd-php5
</FilesMatch>
<FilesMatch \.phtml$>
    suPHP_AddHandler application/x-httpd-php5
</FilesMatch>

# End of autogenerated PHP configuration.
 
Last edited:
This is great tutor and one must make this change on their server.

I have already done that on my server was suggested by DC tech guy :)

+ 1 Neweracracker...Helpful post !
 
Status
Not open for further replies.
Back
Top