Hi every one
today I wanted to show you the latest gratest vulnerability on in apache webserver installed on a linux kernel
by using this vulnarablity the hacker coudl be able to intrude to all the server by hacking all the servers aplicatiosns through finding out the mysql access of the databases through the whole in apache

How A hacker compromises the whole server by sybolic link?

First the attacker needs to compromise one of the scripts or the content mangement systems on the server which could be worpdress/joomla which are too bugy and subject to become compromised easily
after that the attacker had access to the files of the victim he/she will upload a perl/cgi script to crate symlink to other users of the server
let say he had compromised user A which is located in the following directory
/home/userA/public_html
he/she has created a symlink from
/home/userA/public_html/my.txt -> /home2/userB/public_html/config.php
then he/she will create a .htaccess and put the folloing on it

Options Indexes FollowSymLinks
DirectoryIndex doesnt-metter.htm
AddType txt .php
AddHandler txt .php

after that booom
by browsing to the victim website with my.txt which could be www.usera.com/my.txt
the content from the config file of the neighbor user would be display and as far as it is a text it wont be prevented from displaying
now you got the point and what do you think?
he now have access to the neighbor’s database and would also compromise that too and thats all how the whole server would be compromised

How To Prevent Symlink Attack on Apache

I would provide you the following patch which has been one of the only 2 available patches that would patch the apache webserver during the build process of apache using the tool easy apache on cpanel
login the server as root

mkdir -p /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/Apache
cd /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/Apache
wget http://woshka.com/downloads/ApacheSymlinkProtection.pm.tar.gz
tar -xzvf ApacheSymlinkProtection.pm.tar.gz

after that use easy apache to rebuild the apache and in the exclusive options list make the symlinprotection selected
save and buoild
you are done

The above works fine with Apache 2.2.23
Hope this tutorial could be able to benefit you to prevent your whole serves websites get compromised

Thanks
woshka

2 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.