  1.     
    #1
    Moderator
    NewEraCracker

    Secure php file execution NOW!

    I've found a problem with the execution of files with unknown extensions.

    To see if the server is vulnerable, upload a file named bug.php.kkk and see if it executes:
    Code: 
    <?php echo "bugged"; ?>
    If you see just "bugged" while executing it, your server IS NOT secured. If you see ALL text (including the php tags) in the browser or in the downloaded file, your server seems to be secure.

    This is caused by:

    "Files can have more than one extension, and the order of the extensions is normally irrelevant. (...) Care should be taken when a file with multiple extensions gets associated with both a MIME-type and a handler. This will usually result in the request being handled by the module associated with the handler."
    See:
    Code: 
    http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext
    http://www.php.net/manual/en/install.windows.apache2.php
    How to fix:

    Find in configuration:
    Code: 
    AddHandler application/x-httpd-php .php
    Replace with:
    Code: 
    <FilesMatch \.php$>
    SetHandler application/x-httpd-php
    </FilesMatch>
    Regards,
    NewEraCracker
    Trusted: Dom, l0calh0st, 0ccul7, robert420
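
A way to audit for the behaviour described in post #1, as an added example that is not part of the original thread: it reads Apache configuration text for `AddHandler` lines that bind PHP by extension and lists the file names PHP would execute under that setting but not under the `<FilesMatch \.php$>` fix. The function names, the simplified mod_mime model and the sample file names are assumptions made for illustration.

```python
import re

def php_handler_extensions(conf_text):
    """Extensions that AddHandler lines bind to a PHP handler."""
    exts = set()
    for raw in conf_text.splitlines():
        tokens = raw.split()
        # Commented lines start with '#', so tokens[0] never equals "addhandler".
        if len(tokens) >= 3 and tokens[0].lower() == "addhandler" \
                and "php" in tokens[1].lower():
            exts.update(t.lstrip(".").lower() for t in tokens[2:])
    return exts

def runs_with_addhandler(filename, exts):
    """Simplified mod_mime model (assumption): every dot-separated part after
    the base name counts as an extension, and a handler mapped to any one of
    them is applied, whatever the last extension is."""
    parts = filename.rsplit("/", 1)[-1].lower().split(".")[1:]
    return any(p in exts for p in parts)

def runs_with_filesmatch(filename, pattern=r"\.php$"):
    """The fix from the post: the handler is set only if the regex matches."""
    return re.search(pattern, filename.rsplit("/", 1)[-1]) is not None

def audit(conf_text, filenames):
    """Files PHP would execute under AddHandler but not under the FilesMatch fix."""
    exts = php_handler_extensions(conf_text)
    return [f for f in filenames
            if runs_with_addhandler(f, exts) and not runs_with_filesmatch(f)]

# Constructed sample input: the AddHandler line from the post plus made-up file names.
SAMPLE_CONF = """\
# PHP by extension
AddHandler application/x-httpd-php .php
"""
SAMPLE_FILES = ["index.php", "bug.php.kkk", "backup/config.php.bak",
                "photo.jpg", "notes.txt"]

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF, SAMPLE_FILES):
        print("PHP handler applies only under AddHandler:", name)
```

Feeding it the real configuration text and a listing of the web root shows which existing files change behaviour once the `FilesMatch` block replaces `AddHandler`.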

  3.     
    #2
    Banned
    Thanks pal

  4.     
    #3
    (╯°□°)╯︵ ┻━┻
    lol, badly configured web servers ftw

  5.     
    #4
    Banned
    try this

    Code: 
    <FilesMatch "\.(inc|php|php3|php4|php5|php6|phtml|phps)$">
    </FilesMatch>
    AddType text/html .php
    always use suphp. ALWAYS

  6.     
    #5
    Moderator
    NewEraCracker
    A friend has posted this in the cPanel forum. It has instructions to secure Apache with SuPHP.
    http://forums.cpanel.net/f145/defaut...tml#post934442

    I changed to this configuration in a shared server:

    /usr/local/apache/conf/php.conf
    Code: 
    # This file was automatically generated by the Cpanel PHP Configuration system
    # If you wish to change the way PHP is being handled by Apache on your system,
    # use the /usr/local/cpanel/bin/rebuild_phpconf script or the WHM interface.
    #
    # Manual edits of this file will be lost when Apache is updated.
    
    
    # SuPHP configuration for PHP5
    LoadModule suphp_module modules/mod_suphp.so
    suPHP_Engine on
    AddType application/x-httpd-php5 .php5 .php4 .php .php3 .php2 .phtml
    #<Directory />
    #    suPHP_AddHandler application/x-httpd-php5
    #</Directory>
    <FilesMatch \.php(|5|4|3|2)$>
        suPHP_AddHandler application/x-httpd-php5
    </FilesMatch>
    <FilesMatch \.phtml$>
        suPHP_AddHandler application/x-httpd-php5
    </FilesMatch>
    
    # End of autogenerated PHP configuration.

  7.     
    #6
    Member
    Goodwork

  8.     
    #7
    Member
    Nice N.E.C.

    Helped me.

  9.     
    #8
    Member
    This is a great tutorial and one must make this change on their server.

    I have already done that on my server; it was suggested by the DC tech guy.

    +1 NewEraCracker... Helpful post!

  10.     
    #9
    Moderator
    NewEraCracker
    Here is another helpful post about another Apache issue. A must see:
    http://www.besthostingforums.com/showthread.php?t=99170
