Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Plesk Apache Zeroday Remote Exploit
From: アドリアンヘンドリック <unixfreaxjp22 () gmail com>
Date: Fri, 7 Jun 2013 14:44:56 +0900

* Please keep headers intact.

*

Thank's to King Cope for announcing the PoC which affected Plesk versions
mentioned that's having the PHP's CGI CVE-2012-1823 vulnerability.
Plesk is vulnerable to this flaw disregards on the its php configuration,
and is a must fix.
I suggest Plesk to quick patch this zeroday since a lot of vulnerable
servers already spotted in my territory already with the collection of the
malware injected.

You can use the PHP CGI Argument Injection metasploit modules to reproduce
the flaw:
http://www.metasploit.com/modules/exploit/multi/http/php_cgi_arg_injection
Any mitigation method forCVE-2012-1823 can be used for the temporary
solution, i.e.: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

The details of php flaw itself can be viewed here:
http://www.metasploitminute.com/2012/05/cve-2012-1823-php-cgi-bug.html
reflected into the module source code below:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/php_cgi_arg_injection.rb

The point is how CVE-2012-1823 can still be applied to the vulnerable php
based panels, whether other products are affected or not is worth to check.

Thank's to King Cope for announcing the flaw. To Nicolas Krassas, Bart
Blaze & Larry W Cashdollar, for helping in checking this important flaw.

rgds,

----
Hendrik Adrian
unixfreaxjp () malwaremusdie org

Am 06.06.2013 um 04:28 schrieb Kingcope <isowarez.isowarez.isowarez at
googlemail.com <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>>:

* Dave ,*>* Again bla bla,*>* Dont Lie!!! I tested and it Works proper !! Tested on Centos Red Hat Debian FreeBSD !! 
Pure Remote in the Wild !! Better Patch Ur Servers and Check Ur perimeter than Telling lies.*>* *>* Me mixanaki Kai 
Computer Kai flogera!*>* *>* Cheerio,*>* *>* Kctherookie*

* *>* From: king cope <isowarez.isowarez.isowarez () googlemail com>*>* Date: Wed, 5 Jun 2013 18:37:38 +0200*>* Please 
keep headers intact.*>* *>* Engineered by Kingcope*>* *>* Copyright (C)2013 Kingcope*>* Attachment: 
pleskwwwzeroday.rar*>* _______________________________________________*>* Full-Disclosure - We believe in it.*>* 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html*>* Hosted and sponsored by Secunia - 
http://secunia.com/*
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault