Bugtraq mailing list archives

twlc advisory: plesk (psa) allows reading of .php files


From: <supergate () twlc net>
Date: Fri, 21 Dec 2001 21:34:19 +0100

twlc security division
(21/12/2001)

plesk (psa) allows reading of .php files

Found by:
supergate
./twlc

Summary:
Plesk is a server administration panel used by LOTS of web hosting companies to make managing the server easy. It's a
really cool piece of software!! I work with it. This bug allows you to read the source of the hosted .php files, and with
it whatever the scripts keep in their source (typically the database password).

Systems Affected:
All versions before 2.0 seem to be affected (2.0 should be safe unless you have the UserDir directive enabled).

Explanation:
It's really simple... I'll explain it with an example:
HOSTING_FOR_DUMMIES is running Plesk and hosts http://www.pleskrules.net, which uses PHP; they run PHP-Nuke (note that
this is just an example), so their configuration file with the database password is located at
http://www.pleskrules.net/configure.php. Requested there, the script is executed and you only see its output. If we want
to see the source of this PHP file (and so the passwords) we only need to go to
http://xxx.xxx.xxx.xxx/~pleskrules/configure.php, where obviously 'xxx.xxx.xxx.xxx' stands for the IP of the domain
pleskrules.net and '~pleskrules' is the username of the account of pleskrules.net (usually the name of the domain with a
~ tilde in front). Through the ~user path the same file is served by Apache's mod_userdir (the UserDir directive) rather
than by the domain's virtual host, and presumably because PHP is only enabled inside the virtual host, Apache hands back
the raw file as text, passwords included. The username has to be guessed, but since Plesk normally derives it from the
domain name, that is not much of an obstacle.

Plesk staff:
Has been contacted and in about an hour I had a reply. Really an ELEET bug support system!! The guy 'Anton' explained
to me that the problem has been fixed in 2.0 but it affects the previous versions. If you have it in 2.0 it means that
you have the UserDir directive enabled! So thanks Plesk! Eleet job. Keep up the good work!!! Plesk rules

Patch:
Upgrade to 2.0! (www.plesk.com) and if you are still vulnerable with it, turn off the UserDir directive...
To do this make sure that you have the following in your httpd.conf file, that nothing later in the file (or in a file
it Includes) sets UserDir again with a directory or a 'UserDir enabled' list, and restart Apache afterwards. Then
request the ~user URL again: you should get a 404 (or 403), not the file.
<IfModule mod_userdir.c>
    UserDir disabled
</IfModule>
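An added example, not part of the original advisory and not Plesk's code: a small POSIX shell script that covers both
the test described in the Explanation and the check behind the Patch. userdir_status() reads an httpd.conf and reports
whether UserDir is really off (only a bare 'UserDir disabled' with no user list counts, and any 'UserDir enabled ...'
line re-enables it for the listed users, as Apache's mod_userdir does). probe_userdir() fetches http://IP/~user/file.php,
as in the pleskrules.net example, and flags the host if a PHP open tag comes back, which means the server sent the file
instead of running it. The config path, IP, username and file name are whatever you pass in; none of them come from the
advisory.

```shell
#!/bin/sh
# Added example (not from the advisory or from Plesk). Checks for the
# mod_userdir PHP-source exposure: is UserDir really disabled in httpd.conf,
# and does http://IP/~user/file.php come back as PHP source?

# Print "disabled" if httpd.conf really turns UserDir off, else "enabled".
# Comment lines never match because their first field starts with '#'.
# Only a bare "UserDir disabled" (no user list) disables globally;
# "UserDir disabled root" limits one user, and "UserDir enabled bob"
# re-enables the listed users even after a global disable. A later
# "UserDir public_html" only sets the directory and does not re-enable.
# With no directive at all mod_userdir defaults to public_html: "enabled".
userdir_status() {
    awk '
        tolower($1) == "userdir" {
            if (tolower($2) == "disabled" && NF == 2) bare_disable = 1
            else if (tolower($2) == "enabled") enabled_list = 1
        }
        END {
            if (bare_disable && !enabled_list) print "disabled"
            else print "enabled"
        }
    ' "$1"
}

# Return 0 if the response body still contains a PHP open tag ("<?php" or
# the short "<?" tag, common in 2001-era scripts). Output of an executed
# PHP page never keeps the tag, so its presence means the server sent the
# file instead of running it. Lines with an XML declaration are skipped so
# "<?xml ...?>" does not count as a false positive.
looks_like_php_source() {
    printf '%s\n' "$1" | grep -v '<?xml' | grep -q '<?'
}

# Fetch http://$1/~$2/$3 (IP, account name, file) and report the result.
# Exit 1 when source is exposed, 0 when it is not, 2 on a request error.
probe_userdir() {
    host="$1"; user="$2"; file="$3"
    url="http://$host/~$user/$file"
    command -v curl >/dev/null 2>&1 || { echo "curl not found"; return 2; }
    body=$(curl -s -m 10 "$url") || { echo "request to $url failed"; return 2; }
    if looks_like_php_source "$body"; then
        echo "VULNERABLE: $url returned PHP source"
        return 1
    fi
    echo "ok: $url did not return PHP source"
    return 0
}

# Usage: sh check_userdir.sh /etc/httpd/conf/httpd.conf IP USER FILE
# (the path and the three request parameters are the caller's own)
if [ $# -eq 4 ]; then
    echo "httpd.conf UserDir: $(userdir_status "$1")"
    probe_userdir "$2" "$3" "$4"
fi
```

Run it on the box first to read the config verdict, then from an outside host against the domain's IP; a
"disabled" config verdict with the probe still reporting source means another httpd.conf or a vhost file is
in play, or Apache was not restarted.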

Conclusions:
This advisory has been released just to make the web hosting companies safer (especially the one that hosts our domain,
ehe), so DON'T BE AN IDIOT (or a script kiddie) and DON'T abuse it. Once again I put my hope in human intelligence.
Peace, people.

News about twlc.net
we are up again!!! THANKS UNIXRULES.NET FOR HOSTING LOVE <3 GUYS

greets:
all #twlc, #lt12, #./herb, #insight ;)
and for the tests yaroze and the admin of unixrules.net (LOVE)
and obviously Anton from plesk.com!

Posted at:
vuln-dev () securityfocus com
bugtraq () securityfocus com
bugreport () plesk com
http://www.twlc.net/
http://www.twlc.net/article.php?sid=499

Contacts (bugs, ideas, insults, cool girls... remember that trojans and flames are directed to /dev/null):

supergate () twlc net

http://www.twlc.net

bella;)

eof
