PHP vulnerability

Hi CF !

To everyone who is using php-cgi for their server, please update:

http://www.php.net/archive/2012.php#id2012-05-03-1

we can see your php file source code :D

Quote [03-May-2012]:

There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years. Section 7 of the CGI spec states:
Some systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed' query. This is identified by a "GET" or "HEAD" HTTP request with a URL search string not containing any unencoded "=" characters.

So, requests that do not have a "=" in the query string are treated differently from those who do in some CGI implementations. For PHP this means that a request containing ?-s may dump the PHP source code for the page, but a request that has ?-s&=1 is fine.

A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable.

If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.

To fix this, update to PHP 5.3.12 or PHP 5.4.2.
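
The rule quoted above can be turned into a log check. This is an added example, not code from the post or from php.net: it applies the "no unencoded =" test to request targets in an access log and reports requests whose query words would look like command-line switches. The log lines are constructed samples, the function names are hypothetical, and the "+"-splitting and percent-decoding follow the CGI specification's indexed-query rules (RFC 3875, section 4.4), which go beyond the sentence quoted in the post.

```python
import re
from urllib.parse import unquote

# Request target inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def indexed_query_args(target):
    """Return the words a CGI server could pass as arguments for this
    request target, or [] when it is not an 'indexed' query."""
    _, sep, query = target.partition("?")
    # An unencoded "=" anywhere makes it a normal form query (e.g. ?-s&=1).
    if not sep or not query or "=" in query:
        return []
    # Indexed query: words are separated by "+" and then percent-decoded.
    return [unquote(word) for word in query.split("+") if word]


def suspicious_requests(log_lines):
    """Yield (line, args) when at least one indexed-query word starts with "-".
    The quoted spec text names GET and HEAD; the method is ignored here as a
    conservative assumption, so looser server behaviour is still covered."""
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        args = indexed_query_args(m["target"])
        if any(arg.startswith("-") for arg in args):
            yield line, args


# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/May/2012:10:00:02 +0000] "GET /index.php?-s&=1 HTTP/1.1" 200 812',
    '192.0.2.11 - - [03/May/2012:10:00:03 +0000] "GET /index.php?%2Ds HTTP/1.1" 200 5120',
    '192.0.2.12 - - [03/May/2012:10:00:04 +0000] "GET /search.php?q=-s HTTP/1.1" 200 930',
    '192.0.2.13 - - [03/May/2012:10:00:05 +0000] "HEAD /index.php?php+tips HTTP/1.1" 200 0',
    '192.0.2.14 - - [03/May/2012:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for line, args in suspicious_requests(SAMPLE_LOG):
        print(args, "<-", line)
```

A hit in the log only shows that such a request was received; whether source code was returned depends on the server setup described in the quote.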
Comments (12)
every site i tried so far seems to be fixed already :(
A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable.

Most of them don't use mod_cgi
Parent
ye true that :P
Parent
some do use ecg
Parent
Is it okay that I don't care? :$
Yeh, no one uses this crap anyway xD
Parent
does not affect me, running nginx + php5-fpm! :D

according to tweakers.net the update doesn't fix this issue though :/
Nikon's website seems vulnerable.
http://support.nikonusa.com/app/?-s
http://support.webroot.com/app/answers/detail/a_id/1761?-s

That update doesn't seem to fix that leak either.
Oh noes, PHP.

Who uses it anyways today.

Python on the way!!
why the hell would anyone be using php-cgi?
Don't know, but some people still use it anyway.
Parent
news post on tweakers.net: KPN (Dutch telecom) Business hosting vulnerable to this exploit :{D
Parent