Showing posts with label exploits. Show all posts

Wednesday, July 13, 2011

Why is allow_url_fopen disabled?

SkyHi @ Wednesday, July 13, 2011

Overview

The PHP parameter allow_url_fopen has been disabled in both our PHP4 and PHP5 environments for the (gs) Grid-Service.
If enabled, allow_url_fopen lets PHP's file functions (fopen, file_get_contents, include and friends) retrieve data from remote locations such as an FTP server or web site, which can lead to code injection vulnerabilities. Typically, these vulnerabilities occur through improper input filtering when user-provided data is passed to PHP's file functions. Disabling this setting helps considerably in stopping your site(s) from being compromised, and also helps thwart the unauthorized use of our servers for abusive or malicious purposes.

What you should do

We highly suggest researching and examining the parts of your site's code that depend on this functionality. There are safer methods to accomplish the same results without this security issue:
  • Use a relative path to a copy of the file stored locally.
  • Use the PHP superglobal $_SERVER['DOCUMENT_ROOT'], which holds the absolute path to the web root directory, to build local paths.
  • Use cURL for the cases that genuinely need a remote fetch. (This method is beyond the scope of this article. For more information, please see: http://php.net/manual/en/book.curl.php.)
If the software was obtained from a third party, we suggest contacting its developer. Developers can usually be reached via forums, email or other methods.
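As an added example (not from the original post or the Media Temple KB it draws on), the following PHP loader applies the relative-path and DOCUMENT_ROOT advice above so the code keeps working with allow_url_fopen = Off; the function name loadLocalFile and the templates directory are assumptions.

```php
<?php
// Added example, not code from the original post.
// Weak pattern this replaces: handing client input straight to a file
// function, e.g. readfile($_GET['page']). With allow_url_fopen enabled,
// that input can name a remote location instead of a local file.

/**
 * Return the contents of a file under DOCUMENT_ROOT/$baseDir, or null when
 * the request does not resolve to a regular file inside that directory.
 * $baseDir is an assumed subdirectory of the web root, e.g. "templates".
 */
function loadLocalFile(string $baseDir, string $requested): ?string
{
    // 1. Allowlist the file name: letters, digits, dot, dash, underscore.
    //    This rejects "://" (so no URL or stream wrapper can pass), "/" and "\".
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $requested)) {
        return null;
    }
    // 2. The allowlist still permits "..", so reject that explicitly.
    if (strpos($requested, '..') !== false) {
        return null;
    }
    // 3. Build the path from DOCUMENT_ROOT rather than trusting the client.
    $root = realpath($_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR . $baseDir);
    if ($root === false) {
        return null;
    }
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    // 4. realpath() resolves symlinks; confirm the result is still inside
    //    $root and is a regular file before reading it.
    if ($path === false
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        return null;
    }
    // Only a verified local path ever reaches the file function.
    return file_get_contents($path);
}

// Usage (constructed): serve a template chosen by the client, defaulting
// to default.html when the request is missing or rejected.
$page = $_GET['page'] ?? 'default.html';
$html = loadLocalFile('templates', $page) ?? loadLocalFile('templates', 'default.html');
```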

Workaround

You can enable 'allow_url_fopen' by editing your php.ini file. The process is very straightforward: add the following line to your own php.ini file at /home/00000/etc/php.ini. If you are just starting to use a custom php.ini file, you may also need to change the memory_limit value.
allow_url_fopen = On
REFERENCES
http://kb.mediatemple.net/questions/793/Why+is+allow_url_fopen+disabled+on+the+%28gs%29+Grid-Service%3F
http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html
http://wiki.dreamhost.com/index.php/Allow_url_fopen
http://linuxhostingsupport.net/blog/how-to-enable-allow_url_fopen-for-a-single-domain-on-a-cpanel-server

Tuesday, July 12, 2011

Timthumb.php …many themes

SkyHi @ Tuesday, July 12, 2011
TimThumb is a PHP script for smart image resizing used by many WordPress themes. TimThumb versions 1.24 and lower have numerous vulnerabilities.
Since TimThumb is bundled by many commercial and free theme makers, this issue easily affects thousands of sites.

Fix: Check your timthumb.php file, usually found in one of your theme's subdirectories. The version number is defined in the file as
define ('VERSION', '1.23');
Download the latest timthumb.php from the link below and replace yours if its version is below 1.25.
Exploit Type: XSS, DoS.
Version: TimThumb 1.24

Credit: http://websecurity.com.ua
Reference: http://packetstormsecurity.org/files/view/100411/timthumb-xssdisclosedos.txt
Download: http://code.google.com/p/timthumb/
http://www.wpsecure.net/2011/04/timthumb-php-many-themes/