Comments on: GitPHP 0.0.9 http://www.xiphux.com/2009/10/24/gitphp-0-0-9/?&owa_medium=feed&owa_sid= Sun, 22 Jan 2012 11:36:31 -0800 hourly 1 http://wordpress.org/?v=3.3.1 By: xiphux http://www.xiphux.com/2009/10/24/gitphp-0-0-9/comment-page-1/#comment-663 xiphux Wed, 11 Nov 2009 02:53:21 +0000 http://www.xiphux.com/?p=659#comment-663 Thanks for reporting this. I use suhosin / hardened php on my development server so I never caught this. The new release fixes this. Thanks for reporting this. I use suhosin / hardened php on my development server so I never caught this. The new release fixes this.

]]> By: Some[One] http://www.xiphux.com/2009/10/24/gitphp-0-0-9/comment-page-1/#comment-661 Some[One] Tue, 10 Nov 2009 16:35:24 +0000 http://www.xiphux.com/?p=659#comment-661 Hello ... I'm not sure of what i've seen in your demo (http://www.xiphux.com/gitphp/index.php?p=php/gitphp.git&a=summary), but i think that your webapp can be exploited to lead to a file injection exploitation : Like http://www.xiphux.com/gitphp/index.php?p=[put any path of your server here]&a=summary to remove the search of path+"/description" just add %00 : http://www.xiphux.com/gitphp/index.php?p=[any path]%00&a=summary and it will read your files directly On your server it's seems that's your using ModSecurity (return Metho Not Implemented when we put some path to files like passwd but without ModSecurity it can lead to a compromission of the server that host it) So use regular expression to clean/reject wrong url. Sorry for reporting the bug here (I don't wan't to create an account in mantis ^^) Hello …
I’m not sure of what i’ve seen in your demo (http://www.xiphux.com/gitphp/index.php?p=php/gitphp.git&a=summary), but i think that your webapp can be exploited to lead to a file injection exploitation :

Like http://www.xiphux.com/gitphp/index.php?p=put any path of your server here]&a=summary

to remove the search of path+”/description” just add %00 :
http://www.xiphux.com/gitphp/index.php?p=any path]%00&a=summary
and it will read your files directly

On your server it’s seems that’s your using ModSecurity (return Metho Not Implemented when we put some path to files like passwd but without ModSecurity it can lead to a compromission of the server that host it)

So use regular expression to clean/reject wrong url.

Sorry for reporting the bug here (I don’t wan’t to create an account in mantis ^^)

]]>