Full Disclosure mailing list archives
Re: Plesk Apache Zeroday Remote Exploit
From: アドリアンヘンドリック <unixfreaxjp22 () gmail com>
Date: Fri, 7 Jun 2013 14:44:56 +0900
* Please keep headers intact.
* Thank's to King Cope for announcing the PoC which affected Plesk versions mentioned that's having the PHP's CGI CVE-2012-1823 vulnerability. Plesk is vulnerable to this flaw disregards on the its php configuration, and is a must fix. I suggest Plesk to quick patch this zeroday since a lot of vulnerable servers already spotted in my territory already with the collection of the malware injected. You can use the PHP CGI Argument Injection metasploit modules to reproduce the flaw: http://www.metasploit.com/modules/exploit/multi/http/php_cgi_arg_injection Any mitigation method forCVE-2012-1823 can be used for the temporary solution, i.e.: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ The details of php flaw itself can be viewed here: http://www.metasploitminute.com/2012/05/cve-2012-1823-php-cgi-bug.html reflected into the module source code below: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/php_cgi_arg_injection.rb The point is how CVE-2012-1823 can still be applied to the vulnerable php based panels, whether other products are affected or not is worth to check. Thank's to King Cope for announcing the flaw. To Nicolas Krassas, Bart Blaze & Larry W Cashdollar, for helping in checking this important flaw. rgds, ---- Hendrik Adrian unixfreaxjp () malwaremusdie org Am 06.06.2013 um 04:28 schrieb Kingcope <isowarez.isowarez.isowarez at googlemail.com <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>>:
* Dave ,*>* Again bla bla,*>* Dont Lie!!! I tested and it Works proper !! Tested on Centos Red Hat Debian FreeBSD !! Pure Remote in the Wild !! Better Patch Ur Servers and Check Ur perimeter than Telling lies.*>* *>* Me mixanaki Kai Computer Kai flogera!*>* *>* Cheerio,*>* *>* Kctherookie*
* *>* From: king cope <isowarez.isowarez.isowarez () googlemail com>*>* Date: Wed, 5 Jun 2013 18:37:38 +0200*>* Please keep headers intact.*>* *>* Engineered by Kingcope*>* *>* Copyright (C)2013 Kingcope*>* Attachment: pleskwwwzeroday.rar*>* _______________________________________________*>* Full-Disclosure - We believe in it.*>* Charter: http://lists.grok.org.uk/full-disclosure-charter.html*>* Hosted and sponsored by Secunia - http://secunia.com/*
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Plesk Apache Zeroday Remote Exploit king cope (Jun 05)
- Re: Plesk Apache Zeroday Remote Exploit Milan Berger (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit Ed Velez (Jun 06)
- <Possible follow-ups>
- Re: Plesk Apache Zeroday Remote Exploit David H (Jun 05)
- Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit Kingcope (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit David H (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit アドリアンヘンドリック (Jun 06)
- Re: Plesk Apache Zeroday Remote Exploit Milan Berger (Jun 06)