DHC ELITE TEAM

                               
buton.gif (4602 bytes)

Also in this site

Home
Wins Section
DHC ELITE
Members list
Links
DHC CHAT
View   Book
Sign  Book
Web Board

CONTACT US

E-Mail Dade
E-mail Win 
Send us a msg         

Or add me to your ICQ list at:
12193034


greenskull.gif (27603 bytes)

PHF Vulnerability


PHF is a white pages like service (program) that was distributed with NCSA httpd and Appache www servers. I personally can't think of a single legimate use for phf. Anyway, back to the point, the problem is that phf can be used to retreve *any* file from a vulnerable machine. (this includes passwd file) The usage is quite simple, phf used http protocol, and therefore it can be used through a simple web browser. PHF is located in cgi directory of the server. The command line that exploits phf by retreving a pw file is:

http://your.host.name/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

Where your.host.name is replaced with a name of the server in question. So,
for example if somebody was going to attempt to exploit system
www.cool.com, they would type

http://www.cool.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd in the

browser location window. If you are the sys admin, and are concerned with unauthorized users exploiting your system through a phf bug, here is a simple way to prevent it. Add the following line to the php.h file: #define PATTERN_RESTRICT ".*\\.phtml$" This line restricts phf so it can only display files that end in .phtl extension (therefore preventing retreval of the important files such as passwd) PHF bug is likelly to work only weak, unprotected systems particulary, foreign systems (japanese for example).
Duncan Silver of U2
www.hackersclub.com/uu

button.gif (2742 bytes)
The DHC ELITE is a proud trademark of the DadeSoft corp
DadeSoft (c) 1998

Web Grafix By 3D Dimensions
3dania3.gif (51717 bytes)


Y2K Solutions
This page hosted by Hypermart, the world's fastest growing business community!