Re: Exploits for PHP and APACHE!

["Paul Melson" <pmelson () gmail com>]

On Tue, Apr 22, 2008 at 9:12 PM, Juan Manuel Garcia
<kernelinux () gmail com> wrote:
> Hi List!!
>
>  I`m doing a penetration test for my company and I found this
>  vulnerabilitys but I DON`T HAVE THE EXPLOITS.
>   Any of you can send me the exploits, source codes or a url to download it??
>
>  I need it as soon as posibble, Thanks!
>
>  PHP/4.3.8:
>
>  * PHP HTML Entity Encoder Heap Overflow Vulnerability (CVE-2006-5465)
>
>  * Zend_Hash_Del_Key_Or_Index  Vulnerability
>
>  * PHP Remote Arbitrary Location File Upload Vulnerability (CAN-2004-0959)
>
>  Apache/2.0.52 (Unix):
>
>  *Apache Mod_Rewrite Off-By-One Buffer Overflow  Vulnerability (CVE-2006-3747)

For the remote file upload vulnerability, you don't need a specific
exploit. It's trivial to write your own. [1]

However, as I look at this list, I am suspicious that some or all of
these are false positives based on banner grabs.  If it truly is an
unpatched PHP 4.3.8 install, then you should also be seeing things
like XSS in info.php, arbitrary file reads via curl(), and much more.
The thing is, some of those things (like XSS) are easy for a scanner
to test with a higher degree of accuracy.  I suspect that this is an
older, but patched server (perhaps RedHat?).  These tend to give
banner scanners fits because instead of upgrading the version of
vulnerable software, they simply patch it and leave the version be.
Also, if it's not been patched and it is exposed to the Internet,
chances are very good this system has been compromised.  Probably a
lot.

PaulM

[1] http://en.wikipedia.org/wiki/Remote_File_Inclusion

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------