VID 21111
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The 'mylog.html' sample script shipped with the PHP/FI package contains a vulnerability that allows remote attackers to view any file on the system. Attackers are limited to viewing files accessible to the user the httpd server is running under, generally "nobody." Exploit information for this hole has been widely published.
The exploit for dummies:

http://www.victim.com/~dumbuser/cool-logs/mylog.html?screen=[any files]

Useful files to see are /etc/hosts.allow, /etc/passwd and just about anything else.
Recommendation 1. Remove any instance of mlog and mylog scripts from your server and obtain a patch from the PHP web site (www.php.net).

2. Temporary fix: insert the following line just before the '<?include...' line.
<?ereg_replace("/","",$screen);>
Related URL CVE-1999-0068 (CVE)
Related URL 713 (SecurityFocus)
Related URL 1468 (ISS)
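
An added example, not part of the original advisory: one way to review web server access logs for requests that passed a file path in the screen parameter of these scripts. The Common Log Format layout, the sample log lines and the name find_screen_abuse are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names from the Recommendation above. Assumption: mlog.html is
# checked the same way as mylog.html (the page only gives the mylog URL).
SCRIPTS = ("mylog.html", "mlog.html")

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')


def find_screen_abuse(lines):
    """Return (client, status, screen_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
            continue
        # parse_qs percent-decodes values, so the check sees the same
        # string the script would receive.
        for value in parse_qs(url.query, keep_blank_values=True).get("screen", []):
            # The temporary fix strips "/", so any value containing one
            # is a path the fix was meant to neutralise.
            if "/" in value or ".." in value:
                hits.append((client, status, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /~user/cool-logs/mylog.html?screen=/etc/passwd HTTP/1.0" 200 1042',
    '192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /~user/cool-logs/mylog.html?screen=%2Fetc%2Fhosts.allow HTTP/1.0" 200 311',
    '198.51.100.7 - - [01/Jan/2000:10:01:00 +0000] "GET /~user/cool-logs/mylog.html?screen=main HTTP/1.0" 200 2210',
    '198.51.100.7 - - [01/Jan/2000:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, status, value in find_screen_abuse(SAMPLE):
        print(f"{client} status={status} screen={value!r}")
```

A 200 status on a flagged request means the server returned content, so those entries are the ones to follow up first.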