
A brief description of the fopen PHP vulnerability

One of the PHP vulnerabilities still being found on many websites involves the fopen function in PHP (CVE-2007-0448). You can secure your website by disabling includes when calling the fopen function.

According to cvedetails.com: "PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI."

It is usually not recommended to enable the fopen function in php.ini; however, some developers include it in the code itself for a specific task. Let's see how this is exploited.

Let's say we have a page called vulnerability.php containing this code:

<?php
// The "vulnerable" query parameter is passed straight to include() with no
// validation at all; this is the vulnerable pattern discussed in this post.
$vulnerable = $_GET['vulnerable'];
include($vulnerable);
?>

So, $vulnerable = $_GET['vulnerable']; puts the 'vulnerable' GET parameter, i.e. the parameter that appears in the URL, into the variable $vulnerable. An example is http://mysite.com/page.php?vulnerable=yes&howmuch=Very.

By including the value of the variable ($vulnerable) without validating it, you allow an attacker to inject code. Someone could, for instance, try this in a browser:

http://www.mywebsite.com/fopen.php?vulnerable=../../../index.php

This lets the attacker climb out of the web root into other directories and start exploring the whole directory tree. However, if you are running PHP-FPM for a particular instance, only that instance is impacted, since PHP-FPM allows you to isolate each running instance within the server.
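The fix for the vulnerability.php pattern above is to never hand a user-supplied string to include() directly. The following is an added example, not code from the original post: a hardened replacement for vulnerability.php that accepts only page names from an explicit allow-list and then confirms that the resolved file really lives under a fixed directory. The directory name PAGES_DIR, the allowed page names and the fallback page 'home' are assumptions made for this example.

```php
<?php
// Added example (not from the original post): hardened replacement for
// vulnerability.php. The request parameter keeps the same name as in the post
// so the two versions can be compared side by side.
declare(strict_types=1);

// Assumptions for this example: all includable pages live in ./pages and are
// named <page>.php; only these three page names are accepted.
const PAGES_DIR     = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Resolve a user-supplied page name to an absolute path, or return null if it
 * must not be included. Two independent checks are applied:
 *   1. the name must be in ALLOWED_PAGES, so a value such as
 *      "../../../index.php" is rejected before any filesystem access;
 *   2. realpath() of the candidate must still start with PAGES_DIR, which
 *      catches symlinks or misconfiguration even if the allow-list is later
 *      widened to accept more names.
 */
function resolve_page(string $name): ?string
{
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }

    $base      = realpath(PAGES_DIR);
    $candidate = realpath(PAGES_DIR . '/' . $name . '.php');
    if ($base === false || $candidate === false) {
        return null; // directory or file does not exist
    }

    // Compare with the trailing separator included, so that a sibling
    // directory such as /var/www/pages-old does not match /var/www/pages.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Same parameter name as the vulnerable page; default to 'home' when absent.
$requested = isset($_GET['vulnerable']) ? (string) $_GET['vulnerable'] : 'home';
$path      = resolve_page($requested);

if ($path === null) {
    http_response_code(404);
    echo 'Page not found';
    exit;
}

include $path;
```

With this in place, the request shown in the post (vulnerable=../../../index.php) fails the allow-list check and produces a 404 instead of an include. Independently of the application code, the php.ini directives allow_url_fopen and allow_url_include control whether include() may fetch remote URLs at all; leaving allow_url_include off removes the remote-inclusion variant of this bug even when the local path check is forgotten.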

Hello Tunnelers

Hello Tunnelers across the globe. I made this blog to share my experience and knowledge as a System and Application Administrator. Most articles are based on real life experience in the field of Linux, FreeBSD and Open source technologies. However, additional tests are usually made to support my blog posts and I welcome constructive comments from you to enlighten me if needed.

Fellow Tunnelers, the Tunnelix is a concept that has inspired me to bridge Linux and Unix Operating systems tunneling through the hacking world. Do follow me on Twitter and join the adventure throughout the Tunnel.


My website has been made using technologies like Nginx, HHVM, WordPress, CentOS, PHP, jQuery, MariaDB and others. I made some penetration testing using Kali Linux tools, Apache Benchmark and other online testing tools such as GTmetrix. You can follow my tweets to keep in touch with me. Your comments are welcome and I am also reachable on Facebook. Most blog posts will be based on the technical aspects of IT, though sometimes I will blog about my own IT Management skills that I have encountered. Sharing is the key to success. Technology always keeps on evolving and, just as on other blogs, old posts are sometimes void. I will try my best to keep all my blog posts up-to-date.