create .htaccess on the root, and put

<Directory "public_html/site.com/uploadfolder">
php_admin_flag engine off
</Directory> 

in it, replacing uploadfolder with the upload folder

As a note, just ran some tests on

folder permission set to 750

LAMP - CENTOS 5.3 / PHP 5.2.8 /Apache-2.0.63 - exploit failed

WAMP - (wampserver) (WinXP / Apache-2.2.8 / PHP 5.2.6)  (permissions don't apply) - exploited  (no surprise here)

WAMP - (WinXP / Apache-2.2.11 / PHP Version 5.2.9)  exploit failed

 

I don't have IIS so can't test that

Well, now I have the php_admin_flag off on all uploaded folders. If a file is uploaded with .php in the filename, instead of replacing the .php string, it just denies the whole file, plus the mime, so maybe I can make them work harder for what they want next time :D

# Apache HTTP Server: 2.2.6

# MySQL Database: 5.0.45

# PHP Processor: 5.2.4

 

I was banned from the server for "hacking", so I don't know if it actually WORKED for him; nothing was changed in my database or my pages. But when I re-uploaded my files to my new servers, I ran it on myself and I got access.

Well, now I have the php_admin_flag off on all uploaded folders. If a file is uploaded with .php in the filename, instead of replacing the .php string, it just denies the whole file, plus the mime, so maybe I can make them work harder for what they want next time :D

Add a normal PHP file to that folder to test it (keep the .php on):

<?php
phpinfo();
?>

It is also worth mentioning that you should never trust MIME type checks, because the MIME type can be spoofed. That means you can upload a .php file with a MIME type of 'image/jpeg', for example. The best bet would probably be to rely on a file extension check.

It takes more to spoof mime than to change an extension, and what about the poor Macintosh users?

 

IMHO: mime is better than extensions, but I normally opt for 1 check mime, if that fails check extension, then I add *some code to verify it is what it is, and then put the renamed files in a safe zone, which should kill off most attacks.

 

*This can take up a lot of resources, but can probably be skipped if the other measures are followed.

I thought I would try this out, but unfortunately my php ver is < 5.3.0 so I get

Call to undefined function finfo_open()

 

mime_content_type() seems unreliable, (getting text/plain for png and zip files...)

 

Is there an alternative?

 

MIME type checks are fine, but you should figure out the MIME type yourself and not rely on the MIME type you're given by the client.

 

http://php.net/fileinfo
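
The checks discussed in this thread (work out the MIME type on the server, cross-check the extension, rename, store in a safe zone), as an added PHP example that is not code from any poster. The function names, the allow-list and the destination directory are assumptions, and random_bytes() assumes PHP 7 or later; the magic-byte branch covers installs where fileinfo is unavailable.

```php
<?php
// Added example. Server-detected MIME type => extension we assign (assumed allow-list).
$ALLOWED = array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif');

// Work out the MIME type from the file's bytes, never from $_FILES[...]['type'].
function detect_mime($path)
{
    if (class_exists('finfo') && defined('FILEINFO_MIME_TYPE')) {
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($path);
        return $mime === false ? null : $mime;
    }
    // Fallback when fileinfo is not available: compare the leading magic bytes.
    $head = (string) file_get_contents($path, false, null, 0, 8);
    if (strncmp($head, "\xFF\xD8\xFF", 3) === 0) {
        return 'image/jpeg';
    }
    if ($head === "\x89PNG\r\n\x1A\n") {
        return 'image/png';
    }
    if (strncmp($head, 'GIF87a', 6) === 0 || strncmp($head, 'GIF89a', 6) === 0) {
        return 'image/gif';
    }
    return null;
}

// Validate one $_FILES entry and store it under a server-generated name.
// Returns the stored path, or null when the upload is rejected.
function store_upload(array $file, $destDir, array $allowed)
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $mime = detect_mime($file['tmp_name']);
    if ($mime === null || !isset($allowed[$mime])) {
        return null; // reject the whole file instead of trying to clean the name
    }
    // The client-supplied name is only used to cross-check the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $ext = ($ext === 'jpeg') ? 'jpg' : $ext;
    if ($ext !== $allowed[$mime]) {
        return null;
    }
    // Random name: nothing chosen by the client reaches the filesystem.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}
// Usage (assumed names): store_upload($_FILES['upload'], '/srv/uploads', $ALLOWED);
```

Content sniffing only identifies the file's leading bytes, so the destination should still be a directory where PHP does not run, as the thread suggests. Note that Directory blocks and php_admin_flag are only accepted in the main server or virtual-host configuration, not in .htaccess.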
