Penetration Testing mailing list archives
Re: Exploits for PHP and APACHE!
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 23 Apr 2008 07:25:31 -0400
On Tue, Apr 22, 2008 at 9:12 PM, Juan Manuel Garcia <kernelinux () gmail com> wrote:
Hi List!! I`m doing a penetration test for my company and I found this vulnerabilitys but I DON`T HAVE THE EXPLOITS. Any of you can send me the exploits, source codes or a url to download it?? I need it as soon as posibble, Thanks! PHP/4.3.8: * PHP HTML Entity Encoder Heap Overflow Vulnerability (CVE-2006-5465) * Zend_Hash_Del_Key_Or_Index Vulnerability * PHP Remote Arbitrary Location File Upload Vulnerability (CAN-2004-0959) Apache/2.0.52 (Unix): *Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability (CVE-2006-3747)
For the remote file upload vulnerability, you don't need a specific exploit. It's trivial to write your own. [1] However, as I look at this list, I am suspicious that some or all of these are false positives based on banner grabs. If it truly is an unpatched PHP 4.3.8 install, then you should also be seeing things like XSS in info.php, arbitrary file reads via curl(), and much more. The thing is, some of those things (like XSS) are easy for a scanner to test with a higher degree of accuracy. I suspect that this is an older, but patched server (perhaps RedHat?). These tend to give banner scanners fits because instead of upgrading the version of vulnerable software, they simply patch it and leave the version be. Also, if it's not been patched and it is exposed to the Internet, chances are very good this system has been compromised. Probably a lot. PaulM [1] http://en.wikipedia.org/wiki/Remote_File_Inclusion ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Exploits for PHP and APACHE! Juan Manuel Garcia (Apr 22)
- Re: Exploits for PHP and APACHE! Paul Melson (Apr 23)
- <Possible follow-ups>
- Re: Exploits for PHP and APACHE! Yousif (Apr 22)