twlc advisory: plesk (psa) allows reading of .php files

From: supergateat_private
Date: Fri Dec 21 2001 - 12:34:19 PST

Next message: xbud: "Re: yet another fake exploit making rounds"

Previous message: B.K. DeLong: "Black Hat Windows Security 2002 Speakers Announced"
Next in thread: supergateat_private: "twlc advisory: plesk (psa) allows reading of .php files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

twlc security divison
(21/12/2001)

plesk (psa) allows reading of .php files

Found by:
supergate
./twlc

Summary:
Plesk is a server admnistrator used by LOTS of web hosting companies to make easy the menagement of the server. Its a really cool
software!! i work with it. This bug allows you to read the source of the hosted .php files.

Systems Affected:
All the versions before 2.0 seems to be affected (2.0 should be safe except if you got UserDir directive enabled)

Explanation:
Its really simple... I'll explain it with an example:
HOSTING_FOR_DUMMIES is running plesk, they host http://www.pleskrules.net that uses php, they run php nuke (note that this is just
an example) so their configuration file with the database password is located in http://www.pleskrules.net/configure.php if we want
to see the sources of this php (so the passwords) we only need to go there http://xxx.xxx.xxx.xxx/~pleskrules/configure.php where
obviously 'xxx.xxx.xxx.xxx' stands for the ip of the domain pleskrules.net and '~pleskrules' is the username of the account of
pleskrules.net (usually the name of the domain with ~ tilde before).

Plesk staff:
Has been contacted and in about an hour i had a reply. Really an ELEET bug support system!! The guy 'Anton' explained me that the
problem has been fixed in 2.0 but it affects the previous versions. If you got it in 2.0 means that you have UserDir directive
enabled! so thanks plesk ! eleet job. keep up the good work!!! plesk rules

Patch:
Upgrade to 2.0! (www.plesk.com) and if you are vulnerable with it turn off the userdir directive...
To do this make sure that you have this following in the httpd.conf file:
<IfModule mod_userdir.c>
UserDir disabled
</IfModule>

Conclusions:
This advisory has been released just to make safer the web hosting companies, (expecially the one who hosts our domain ehe) so DONT
BE AN IDIOT (or a script kiddie) and DONT abuse of it. i again hope in human intelligence. peace people.

News about twlc.net
we are up again!!! THANKS UNIXRULES.NET FOR HOSTING LOVE <3 GUYS

greets:
all #twlc, #lt12, #./herb, #insight ;)
and for the tests yaroze and the admin of unixrules.net (LOVE)
and obviously Anton from plesk.com!

Posted at:
vuln-devat_private
bugtraqat_private
bugreportat_private
http://www.twlc.net/
http://www.twlc.net/article.php?sid=499

Contacts (bugs, ideas, insults, cool girls... remember that trojans and flames are directed to /dev/null):

supergateat_private

http://www.twlc.net

bella;)

eof

Next message: xbud: "Re: yet another fake exploit making rounds"
Previous message: B.K. DeLong: "Black Hat Windows Security 2002 Speakers Announced"
Next in thread: supergateat_private: "twlc advisory: plesk (psa) allows reading of .php files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 21 2001 - 14:36:47 PST