[Operators] critical vulnerability in Jappix

Mathias Ertl mati at fsinf.at
Thu Aug 6 12:02:17 UTC 2015


Hi everybody,

I discovered a critical vulnerability in Jappix, allowing anyone to
upload arbitrary files with an arbitrary filename to arbitrary
locations. This means: Upload a php script, upload a .htaccess file to
allow execution -> instant shell access.

The Jappix devs promptly released a fix (thanks!), so if you run a Jappix
installation, upgrade to Version 1.1.5 *right now*. I'm not 100% certain
the issue is really completely fixed; if you are a PHP expert, please
contact me if you have time to further analyze the issue.

Note that we've been exploited as far back as February. This is a
zero-day issue that is known to have been in use since then.

If you want to know if you're affected, look for suspicious-looking PHP
scripts in e.g. tmp/ of your Jappix installation. But of course,
anywhere the webserver had write-access to might be possible.

greetings, Mati

-- 
twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
I only read plain-text mail!  I prefer signed/encrypted mail!
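
The check suggested in the message above (PHP scripts and an uploaded .htaccess in directories the web server can write to), as an added example that is not part of the original post and is not Jappix code. It assumes the scanned directory is meant to hold only data files; the names `scan` and `demo`, the reason labels and the sample tree are constructed for illustration.

```python
import os
import re
import sys
import tempfile

# Names PHP setups commonly execute, including double extensions (x.php.jpg).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
# .htaccess directives that can change how files in a directory are handled.
HANDLER = re.compile(rb"(?im)^\s*(AddHandler|AddType|SetHandler|php_flag|php_value)\b")
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def scan(root, head_bytes=65536):
    """Return sorted (relative_path, reason) findings below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if name.lower() == ".htaccess":
                kind = "htaccess-handler" if HANDLER.search(head) else "htaccess"
                findings.append((rel, kind))
            elif SCRIPT_EXT.search(name):
                findings.append((rel, "script-extension"))
            elif PHP_TAG.search(head):
                findings.append((rel, "php-tag-in-content"))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not data from a real installation)."""
    samples = {"avatar.png": b"\x89PNG constructed image bytes",
               "cache/up.php": b"<?php /* constructed placeholder */",
               "cache/.htaccess": b"# constructed\nphp_flag engine on\n",
               "notes.txt": b"constructed text with <?php inside"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for rel, reason in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{reason}\t{rel}")
```

Run it with the path of a writable directory as the only argument; each finding is a lead to compare against a clean copy of the release, not proof of compromise.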
