Banshee
the secure PHP framework

Forum

Suspected Remote File Inclusion on Banshee 3.5

Samiux
29 october 2012, 06:17


Banshee version: 3.5
Webserver: Hiawatha 8.5
Operating System: Ubuntu Server 12.04 LTS (updated to latest state)

Hi Hugo,

The following is found on the access.log and it seems that attacker want to do something like Remote File Inclusion on my server.

My Ubuntu server is implemented Apparmor and the /etc/passwd directory is restricted to access.

In addition, I also implemented DenyBody for Null Byte on my Virtual Host.

So, the error code for the attacker will be 403.

41.142.250.200 - - [28/Oct/2012:23:35:15 +0800] "POST /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 403 849 "-" "Mozilla/5.0"


My CMS is Banshee 3.5. I wonder if the Banshee 3.5 has the vulnerability of Remote File Inclusion or not.

Thank you.

Samiux
Hugo Leisink
29 october 2012, 21:17
Of course not!
Message preview

The following BB-codes are available in a message:

  • [b]Bold text[/b]
  • [center]Center text or imagen[/center]
  • [color=color name or #RGB code]Colored text[/color]
  • [i]Italic text[/i]
  • [img]Link to image[/img]
  • [right]Align text or image right[/right]
  • [s]Strike-through text[/s]
  • [size=pixelsize]Big or small text[/size]
  • [u]Underlined text[/u]
  • [url]Link to website[/url]
  • [url=link to website]Link text[/url]
Back
Built upon the Banshee PHP framework v6.3CMS