Jump to content

NULL Byte Poison Information Disclosure Vulnerability


gtaid1

Recommended Posts

Guys I really need help.

 

I have no knowledge of PHP. I'm managing an IIS server that is going under PCI audit and this is one of the findings. Website is using PHP Manager 5.3 and WordPress.

 

I researched the issue and this link says add a code to fix: http://www.codercaste.com/2009/10/03/the-null-byte-poisoning-attack-explained/

 

 

Code below

$file = str_replace(chr(0), '', $string);

I copied and paste this to any .PHP file that I could think of but honestly not sure if I copied to right file or right place inside the file. Can someone please help?

Where to put this code?

 

Also I saw another web page that was saying to add the same code but instead of $file was $input. so which one is correct ?

 

Thank you all in advance.

Link to comment
Share on other sites

I have no knowledge of PHP.

 

And now you're copypasting code from the Internet which you don't understand into scripts you don't understand to solve problems you don't understand. I'm sure the auditors will love that.

 

Also, nullbyte vulnerabilities? As far as I remember, the last PHP version which had something like this was 5.2. Is that what you're running?

 

Right now, I'd be a lot more worried about the overall state of your organization.

Link to comment
Share on other sites

I could be wrong, for I only did a quick search on the internet but it looks like PHP Manager is obsolete or not being supported? (Someone correct me if I'm wrong) To me from your standpoint I think your problem is more of an update issue than a coding issue (again I could be wrong). All I know is if I had your job I would be looking into updating the applications on the server than trying to correct the issue rather than splicing in a code fix, for I think it doing it that way would solve your problem(s) and satisfy the auditor(s). This is especially truly if you are just an IT administrator with no programming skills? 

Edited by Gandalf64
Link to comment
Share on other sites

In a nutshell, this only has the potential to be dangerous is you have stupid code that opens files based on variables coming from application user input. If you do have those applications, then a null byte exploit is only the tip of the iceberg.

 

If you are going around pasting "$file = str_replace(chr(0), '', $string);" into all the php files, you misunderstand the proposed "fix" and are most likely wasting your time entirely. This is not something that can be fixed without a review and understanding of the php code involved.

 

It is very possible that despite that potential flaw, there is absolutely no code in your php application that could be exploited by this issue.

 

It is likely that the analysis is simply checking the version of PHP and a database says that the version you are using has this potential flaw in it.

 

It also appears that PHP Manager stopped being developed in 2011. Your plan should be to get a fresh modern PHP installation without using PHP Manager.

 

You might also want to communicate to management that this audit and report opened up a huge can of worms that could require a lot of reinstallation/configuration etc.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.