0day OuTian OuTian Joomla 1.0/1.5beta2 (latest) upload file mishandling vulnerability.

Presentation transcript:

0day OuTian OuTian Joomla 1.0/1.5beta2 (latest) upload file mishandling vulnerability

Agenda
- Apache + php
- Set php file handling
- AddHandler
- Proper upload handler example
- Joomla 1.0, Joomla 1.5 beta2 (latest)
- Demo
- Live demo

Apache + PHP
- Famous Web Application Platform
- Works on most OSes
  - Windows
  - Linux
  - FreeBSD
  - SunOS
  - ... others

Set php file handling
- Set(In|Out)putFilter
  - SetOutputFilter PHP
  - SetInputFilter PHP
- AddType
  - AddType application/x-httpd-php .php
- AddHandler
  - AddHandler php5-script .php
  - Default used in Fedora Core 4 ~ 7, CentOS 5.0 (RHEL? Other clones?)

AddHandler
- Problem
  - *.php.* will be processed by the php engine
- When uploading
  - *.php.gif
  - *.php.bmp
  - *.php.jpg
  - *.php.tgz
  - *.php ...

Example

Proper upload handler example
- When uploading 『ox.php.gif』
  - Discuz Forum renames it to 『date_{MD5}.gif』
  - gallery 1 / gallery 2 rename it to 『ox_php.gif』
  - lifetype blog renames it to 『X-X.gif』
  - wordpress blog renames it to 『oxphp.gif』
  - xoops renames it to 『imgXXXXXXXX.gif』
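The renaming behaviour listed on this slide, written out as an added example (not code from the slides or from any of the projects they name). The function and constant names are hypothetical, the sample file is constructed, and PHP's fileinfo extension is assumed to be available.

```php
<?php
// Added example; all names here are hypothetical. Requires the fileinfo extension.

// MIME type detected from file content => the only extension the server will store.
const ALLOWED_TYPES = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

// True when any dot-separated part after the base name is "php" (first, middle
// or last), the *.php.* pattern the AddHandler slide describes. Useful for logging.
function has_php_extension(string $clientName): bool
{
    $parts = explode('.', strtolower(basename($clientName)));
    array_shift($parts);                       // drop the base name
    return in_array('php', $parts, true);
}

// Returns the name to store the upload under, or null to reject it.
function stored_name_for(string $tmpPath): ?string
{
    // The type is read from the file's bytes, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // Random base plus one server-chosen extension: nothing from the client
    // name survives, so "ox.php.gif" cannot keep ".php" in its stored name.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed sample: a GIF header followed by a harmless PHP comment tag.
// It passes the content check, which is why the rename matters.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;" . '<?php /* marker */ ?>');

foreach (['ox.php.gif', 'photo.gif', 'ox.PHP.tgz'] as $clientName) {
    printf("%-12s inner .php: %-3s stored as: %s\n",
        $clientName,
        has_php_extension($clientName) ? 'yes' : 'no',
        stored_name_for($tmp) ?? '(rejected)');
}
unlink($tmp);
```

Every sample name ends up stored as 32 random hex characters plus `.gif`, regardless of what the client called the file.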

Joomla
- CMS (Content Management System), just like XOOPS
- uses php + mysql
- combines with gallery/blog/forum/... etc
- Official website:
- Taiwan website:

Exploitation
- login
- Upload a file with a filename containing ".php.", with malicious code
  - ex: ox.php.gif
- launch the file from a browser
- Do anything
  - ex: webshell

Local Demo

Live Demo

$ nc 80
HEAD / HTTP/1.0
Host:

HTTP/ OK
Server: Apache/2.2.2 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=utf-8