Security vulnerabilities

Attached to Project: Security vulnerabilities
Opened by zeusvuln - 19.03.2025
Last edited by hdegorce - 20.03.2025

Summary:
An accessible phpinfo page at https://net2ftp.alwaysdata.com/skins/php.php discloses detailed configuration information about the PHP environment. This information can be leveraged by attackers to identify potential vulnerabilities, misconfigurations, and outdated software components.

Details:

PHP Version: 5.6.40
System Information:
Operating System: Linux (kernel version 6.6.30-alwaysdata)
Server API: CGI/FastCGI
Configuration Exposure:
Paths to configuration files (php.ini) and directories
Enabled/disabled PHP functions and security settings (e.g., disable_functions, open_basedir)
Loaded extensions and their versions
Environment details such as server API and build dates
Steps to Reproduce:
Navigate to the URL: https://net2ftp.alwaysdata.com/skins/php.php Observe that the page displays comprehensive PHP configuration details.
Impact:
Information Disclosure: The exposed details provide attackers with insights into the server configuration, which could be used to tailor further attacks.
Risk of Exploitation:
-Identification of outdated software (PHP 5.6.40 is no longer supported and may have known vulnerabilities).
-Knowledge of disabled functions and active extensions can assist in formulating targeted exploitation strategies (e.g., leveraging known vulnerabilities in specific extensions or misconfigurations).
-Potential Follow-on Attacks: While phpinfo itself is not a direct vulnerability, the information disclosed could aid in other attacks, such as Local File Inclusion (LFI) or Remote Code Execution (RCE), if combined with other weaknesses.
Severity:
Risk Level: High the server also runs outdated or unpatched components and the phpinfo page is publicly accessible without any authentication or access control.
Recommendations:
-Restrict Access:
Remove or restrict access to the phpinfo page from the public internet. Consider using authentication or IP whitelisting if the page is needed for internal diagnostics.
-Update PHP:
Upgrade to a supported and secure version of PHP to mitigate potential exploits that target known vulnerabilities in PHP 5.6.40.
-Harden Configuration:
Ensure that sensitive functions (e.g., exec(), shell_exec()) are disabled if not necessary.
Review and adjust settings such as open_basedir to limit access to the file system.