>* Please keep headers intact. *
Thank's to King Cope for announcing the PoC which affected Plesk versions mentioned that's having the PHP's CGI CVE-2012-1823 vulnerability. Plesk is vulnerable to this flaw disregards on the its php configuration, and is a must fix. I suggest Plesk to quick patch this zeroday since a lot of vulnerable servers already spotted in my territory already with the collection of the malware injected. You can use the PHP CGI Argument Injection metasploit modules to reproduce the flaw: http://www.metasploit.com/modules/exploit/multi/http/php_cgi_arg_injection Any mitigation method forCVE-2012-1823 can be used for the temporary solution, i.e.: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ The details of php flaw itself can be viewed here: http://www.metasploitminute.com/2012/05/cve-2012-1823-php-cgi-bug.html reflected into the module source code below: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/php_cgi_arg_injection.rb The point is how CVE-2012-1823 can still be applied to the vulnerable php based panels, whether other products are affected or not is worth to check. Thank's to King Cope for announcing the flaw. To Nicolas Krassas, Bart Blaze & Larry W Cashdollar, for helping in checking this important flaw. rgds, ---- Hendrik Adrian unixfrea...@malwaremusdie.org Am 06.06.2013 um 04:28 schrieb Kingcope <isowarez.isowarez.isowarez at googlemail.com <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>>: >* Dave ,*>* Again bla bla,*>* Dont Lie!!! I tested and it Works proper !! >Tested on Centos Red Hat Debian FreeBSD !! Pure Remote in the Wild !! Better >Patch Ur Servers and Check Ur perimeter than Telling lies.*>* *>* Me mixanaki >Kai Computer Kai flogera!*>* *>* Cheerio,*>* *>* Kctherookie* >* *>* From: king cope <isowarez.isowarez.isowarez () googlemail com>*>* Date: >Wed, 5 Jun 2013 18:37:38 +0200*>* Please keep headers intact.*>* *>* >Engineered by Kingcope*>* *>* Copyright (C)2013 Kingcope*>* Attachment: >pleskwwwzeroday.rar*>* _______________________________________________*>* >Full-Disclosure - We believe in it.*>* Charter: >http://lists.grok.org.uk/full-disclosure-charter.html*>* Hosted and sponsored >by Secunia - http://secunia.com/*
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/