[Operators] critical vulnerability in Jappix
Mathias Ertl
mati at fsinf.at
Thu Aug 6 12:02:17 UTC 2015
Hi everybody,
I discovered a critical vulnerability in Jappix, allowing anyone to
upload arbitrary files with an arbitrary filename to arbitrary
locations. This means: Upload a php script, upload a .htaccess file to
allow execution -> instant shell access.
The Jappix devs promptly release a fix (thanks!), so if you run a Jappix
installation, upgrade to Version 1.1.5 *right now*. I'm not 100% certain
the issue is really completely fixed, if you are a PHP expert, please
contact me if you have time to further analyze the issue.
Note that we've been exploited as far back as February. This is a
zero-day issue that is known to have been in use since then.
If you want to know if you're affected, look for suspicious looking PHP
scripts in e.g. tmp/ of your Jappix installation. But of course,
anywhere the webserver had write-access to might be possible.
greeting,s Mati
--
twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
I only read plain-text mail! I prefer signed/encrypted mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6044 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150806/76c46546/attachment.bin>
More information about the Operators
mailing list