Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File Include Vulnerability

[t.brehm () ispconfig org]

The Exploit with Bugtraq ID: 17909 has been researched by the developers of the ISPConfig webhosting controlpanel. The 
result is that no ISPConfig 2.2.2 installation is vulnerable to this reported exploit.

Explanation:

1) The exploit expects a file (session.inc.php) to be in the webroot, but it is not installed in the webroot in any 
ISPConfig installation and therefore protected against direct calls or attacks.

2) The exploit expects register_globals set to on in the ISPConfig PHP. register_globals is off in all ISPConfig 
versions in the Apache on port 81.

The Vulnerability has already been discussed by the ISPConfig developers on the 7th. May, 2 days before the bugtraq 
posting.

For a detailed explanation and discussion, please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=4123


ISPConfig 2.2.3 is not vulnerable to the exploit too and there has been additional coded added that prevents these type 
of attacks in case someone uses the ISPConfig files in third party projects that do not use the files outside the web 
root directory.