Hello,
I think i've found a security leak in the Apache configuration.
One user reported me that a script called "haxplorer" is using this security leak.
This script works only when using the following link: "http://serverip/~username/script.php". It doesn't work when using: "http://mydomain.com/script.php"
When a user is using this script, it is possible to show other users data. (read/write/delete/upload etc.). You can cd to another user home directory like: /home/otheruser/public_html
I don't have much information about this script. The only thing i know is that it's using the php function "opendir" and "readdir" for reading the directory's.
I can't disable those functions, because they are used by a lot of scripts.
Another thing in this script that worked on a DirectAdmin is shell access (shell access disabled for the user in DirectAdmin). The solve this.... just disable the php function "shell_exec".
I've tried many things to block this script, but nothing seems to help:
-suPHP enabled
-PHP5 CGI enabled
-Apache mod_secure
The whole server is up-to-date. Server OS is CentOS 5
As far I know this works on all DirectAdmin servers i've tried already.
Crew of DirectAdmin can send me an PM if they want this script!
I think i've found a security leak in the Apache configuration.
One user reported me that a script called "haxplorer" is using this security leak.
This script works only when using the following link: "http://serverip/~username/script.php". It doesn't work when using: "http://mydomain.com/script.php"
When a user is using this script, it is possible to show other users data. (read/write/delete/upload etc.). You can cd to another user home directory like: /home/otheruser/public_html
I don't have much information about this script. The only thing i know is that it's using the php function "opendir" and "readdir" for reading the directory's.
I can't disable those functions, because they are used by a lot of scripts.
Another thing in this script that worked on a DirectAdmin is shell access (shell access disabled for the user in DirectAdmin). The solve this.... just disable the php function "shell_exec".
I've tried many things to block this script, but nothing seems to help:
-suPHP enabled
-PHP5 CGI enabled
-Apache mod_secure
The whole server is up-to-date. Server OS is CentOS 5
As far I know this works on all DirectAdmin servers i've tried already.
Crew of DirectAdmin can send me an PM if they want this script!