[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Dave Jones
dave at technicacreative.co.uk
Wed Nov 11 17:37:40 UTC 2009
This will work for mod_php based installs but what about sites hosted
on shared servers? Most shared servers rely on FastCGI/suPHP for
security. I've tried php_admin_flag and php_flag in .htaccess and
they both produce config errors.
Any suggestions would be warmly received.
Dave Jones
www.technicacreative.co.uk
On 11 Nov 2009, at 17:23, Jeremy Clarke wrote:
> .htaccess idea sounds really lightweight and nice. A related solution
> is to turn off PHP execution in the apache config for your server (if
> you have access) for any directories that are writable. At one point
> attackers had uploaded php files without any .php extension in them
> and were managing to load them, but this stopped it.
>
> # Cache dir
> <Directory /var/www/path_to_site/wp-content/cache>
> AllowOverride None
> php_admin_flag engine off
> php_admin_value open_basedir none
> </Directory>
> # media upload dir
> <Directory /var/www/path_to_site/wp-content/uploads>
> AllowOverride None
> php_admin_flag engine off
> php_admin_value open_basedir none
> </Directory>
>
> It leaves room for other types of code if your server is configured to
> run them though.
>
>
> --
> Jeremy Clarke | http://jeremyclarke.org
> Code and Design | http://globalvoicesonline.org
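An added example, not code from either poster: a small POSIX shell helper set for the two directories in Jeremy's config (`wp-content/cache` and `wp-content/uploads`; the `/var/www/path_to_site` prefix is his placeholder). `harden_dir` writes a `.htaccess` that refuses to serve PHP-named files through core Apache authorization (`Require all denied` on 2.4, `Deny from all` on 2.2), which does not depend on how PHP is wired in, and wraps the `php_flag` in `<IfModule mod_php5.c>` so it is skipped rather than rejected where mod_php is absent. A name-based deny cannot cover a handler that executes extensionless files, the case Jeremy mentions, so `scan_dir` is the detection companion: it lists every file whose contents carry a PHP open tag regardless of extension. The sample tree is constructed for the demo. It assumes `AllowOverride` permits the directives; with `AllowOverride None` as in Jeremy's stanza, the same `<FilesMatch>` block belongs inside the `<Directory>` section instead.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache 2.2 or 2.4 and that
# AllowOverride lets the .htaccess directives below take effect.

# harden_dir DIR: write a .htaccess that refuses to serve PHP-named files.
# Uses core Apache authorization, so it applies under mod_php, FastCGI and
# suPHP alike; the php_flag line is only parsed if mod_php is loaded.
harden_dir() {
    cat > "$1/.htaccess" <<'EOF'
# Refuse to serve anything with a PHP-ish extension anywhere in the name
# (catches shell.php and shell.php.jpg alike).
<FilesMatch "\.ph(p\d?|tml)(\.|$)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
# Under mod_php also stop execution outright; skipped elsewhere, so the
# directive never produces a config error under suPHP/FastCGI.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
EOF
}

# scan_dir DIR: print files under DIR containing a PHP open tag, ignoring
# the extension on purpose (the bypass relies on a misleading or absent
# one). Returns 0 when clean, 1 when something was found.
scan_dir() {
    hits=$(find "$1" -type f ! -name .htaccess \
           -exec grep -l -E '<\?(php|=)' {} + 2>/dev/null)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree (not real site data) for the demo and test.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/uploads"
    printf 'GIF89a\n' > "$d/uploads/real.gif"                    # benign
    printf 'GIF89a<?php echo "x"; ?>\n' > "$d/uploads/fake.gif"  # disguised
    printf '<?= 1 ?>\n' > "$d/uploads/notes"                     # no extension
    echo "$d"
}

# Demo: harden, then scan. A real run would point these at the site's
# wp-content/uploads and wp-content/cache directories instead.
sample=$(make_sample)
harden_dir "$sample/uploads"
if scan_dir "$sample/uploads"; then
    echo "no PHP payloads found"
else
    echo "PHP payloads found (listed above)"
fi
rm -rf "$sample"
```

Run the scan from cron against each writable directory; a non-zero exit is the alert, and the listed paths are what to quarantine and review, since the deny rule only stops serving, not writing.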