OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: supergatetwlc.net
Date: Fri Dec 21 2001 - 14:34:19 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    twlc security divison
    (21/12/2001)

    plesk (psa) allows reading of .php files

    Found by:
    supergate
    ./twlc

    Summary:
    Plesk is a server admnistrator used by LOTS of web hosting companies to make easy the menagement of the server. Its a really cool
    software!! i work with it. This bug allows you to read the source of the hosted .php files.

    Systems Affected:
    All the versions before 2.0 seems to be affected (2.0 should be safe except if you got UserDir directive enabled)

    Explanation:
    Its really simple... I'll explain it with an example:
    HOSTING_FOR_DUMMIES is running plesk, they host http://www.pleskrules.net that uses php, they run php nuke (note that this is just
    an example) so their configuration file with the database password is located in http://www.pleskrules.net/configure.php if we want
    to see the sources of this php (so the passwords) we only need to go there http://xxx.xxx.xxx.xxx/~pleskrules/configure.php where
    obviously 'xxx.xxx.xxx.xxx' stands for the ip of the domain pleskrules.net and '~pleskrules' is the username of the account of
    pleskrules.net (usually the name of the domain with ~ tilde before).

    Plesk staff:
    Has been contacted and in about an hour i had a reply. Really an ELEET bug support system!! The guy 'Anton' explained me that the
    problem has been fixed in 2.0 but it affects the previous versions. If you got it in 2.0 means that you have UserDir directive
    enabled! so thanks plesk ! eleet job. keep up the good work!!! plesk rules

    Patch:
    Upgrade to 2.0! (www.plesk.com) and if you are vulnerable with it turn off the userdir directive...
    To do this make sure that you have this following in the httpd.conf file:
    <IfModule mod_userdir.c>
        UserDir disabled
    </IfModule>

    Conclusions:
    This advisory has been released just to make safer the web hosting companies, (expecially the one who hosts our domain ehe) so DONT
    BE AN IDIOT (or a script kiddie) and DONT abuse of it. i again hope in human intelligence. peace people.

    News about twlc.net
    we are up again!!! THANKS UNIXRULES.NET FOR HOSTING LOVE <3 GUYS

    greets:
    all #twlc, #lt12, #./herb, #insight ;)
    and for the tests yaroze and the admin of unixrules.net (LOVE)
    and obviously Anton from plesk.com!

    Posted at:
    vuln-devsecurityfocus.com
    bugtraqsecurityfocus.com
    bugreportplesk.com
    http://www.twlc.net/
    http://www.twlc.net/article.php?sid=499

    Contacts (bugs, ideas, insults, cool girls... remember that trojans and flames are directed to /dev/null):

    supergatetwlc.net

    http://www.twlc.net

    bella;)

    eof