PHP-Proxy <= 5.1.0 - The decrypt key is flawed and causes the vulnerability of LFI #139

Open
0xUhaw opened this Issue Nov 30, 2018 · 3 comments


0xUhaw commented Nov 30, 2018

We discovered that the PHP-Proxy str_rot_pass encrypt function is flawed. Even if the user changes the default key, a remote attacker can easily decrypt the key and cause a Local File Inclusion vulnerability.

Detailed steps and sample payload:
https://github.com/0xUhaw/CVE-Bins/tree/master/PHP-Proxy

We suggest that the encryption rules should be strengthened because the logic of decryption is too easy.

Benji-Collins commented Nov 30, 2018

Is there anything that regular users can do now other than simply stop using the proxy?

0xUhaw commented Nov 30, 2018

Since this is an encryption key problem, this should be fixed by the official...
If it is a problem for LFI, you can disable the curl file protocol.
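
Added example (not part of the thread and not PHP-Proxy's own code): one way to apply the "disable the curl file protocol" mitigation mentioned above, by restricting a curl handle to http/https for both the initial request and any redirects. The function names are hypothetical, and the PHP curl extension is assumed to be loaded.

```php
<?php
// Added example, not PHP-Proxy code. All function names are hypothetical.

/** Return true only for absolute URLs whose scheme is http or https. */
function is_allowed_proxy_url(string $url): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return false; // relative, malformed, or host-less URL
    }
    return in_array(strtolower($scheme), ['http', 'https'], true);
}

/** Make libcurl itself refuse file:// and every other non-web scheme. */
function harden_curl_handle($ch): void
{
    $web = CURLPROTO_HTTP | CURLPROTO_HTTPS;
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS       => $web, // schemes allowed for the request
        CURLOPT_REDIR_PROTOCOLS => $web, // schemes allowed after a redirect
        CURLOPT_MAXREDIRS       => 5,    // bound redirect chains
    ]);
}

/** Fetch a URL on behalf of a proxy user; returns the body or false. */
function fetch_for_proxy(string $url)
{
    if (!is_allowed_proxy_url($url)) {
        return false; // rejected before any handle is created
    }
    $ch = curl_init($url);
    harden_curl_handle($ch);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return curl_exec($ch);
}

// Constructed sample inputs: only the scheme check runs, no network access.
$samples = ['https://example.com/', 'file:///path/to/local/file', 'FILE:///x', '/relative'];
foreach ($samples as $u) {
    printf("%-30s %s\n", $u, is_allowed_proxy_url($u) ? 'allowed' : 'rejected');
}
```

The scheme check and the curl options overlap on purpose: the options still apply if a URL reaches the handle through a code path that skips the check, and they cover redirects that the check never sees.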

RubyTheRose commented Dec 7, 2018

Has this been fixed yet? Or has no comment been made?
