• Resolved Interference

    (@interference)


    Sucuri Security WordPress plug-in PHP execution hardening bypass:

    Some of the hardening points include stopping execution of PHP files in the wp-content and uploads directories. For this, an .htaccess file is created with the following content:
    <Files *.php>
    Order deny,allow
    Deny from all
    </Files>

    This entry stops you from executing uploaded PHP files from the uploads directory.
    It means that if you upload a file “shell.php” then you cannot execute it.

    But if you upload a file “shell.PHP” or “shell.pHp” then it will work.

    The issue is due to the case-sensitive entry in the .htaccess file. This issue can be exploited to bypass the PHP execution restriction protection and execute PHP files.

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Makes sense, I will modify the code to use “FilesMatch” instead of “Files” and also target the file names with extension “.php” with a case-insensitive flag; that may help to solve the problem.

    Task finished with these commits:

    1193688 Added. Self-contained library to handle the hardening process
    1193691 Fixed. Harden content directory with correct access rules
    1193701 Fixed. Harden uploads directory with correct access rules
    1193713 Fixed. Harden includes directory with correct access rules
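The following is an added example, not code from the thread or from the Sucuri plugin: it simulates how Apache evaluates the quoted case-sensitive `<Files *.php>` rule against an assumed case-insensitive `<FilesMatch "(?i)\.php$">` replacement, and lists the filenames in a constructed uploads listing that only the corrected rule covers. Apache's `<Files>` glob is treated as case-sensitive and `<FilesMatch>` as a PCRE regex applied to the basename; both are assumptions about server behaviour, stated here rather than taken from the page.

```python
import fnmatch
import re

# Weak rule as quoted in the report: <Files> takes a shell-style wildcard,
# which Apache matches case-sensitively, so "shell.PHP" is not covered.
WEAK_RULE_PATTERN = "*.php"

# Assumed corrected rule: FilesMatch takes a regular expression, and the
# (?i) flag makes the ".php" extension check case-insensitive.
FIXED_RULE_REGEX = re.compile(r"(?i)\.php$")

# Assumed corrected .htaccess, keeping the thread's Order/Deny directives.
FIXED_HTACCESS = (
    '<FilesMatch "(?i)\\.php$">\n'
    "Order deny,allow\n"
    "Deny from all\n"
    "</FilesMatch>\n"
)


def blocked_by_files_rule(filename: str) -> bool:
    """Simulate <Files *.php>; fnmatchcase mirrors the case-sensitive glob."""
    return fnmatch.fnmatchcase(filename, WEAK_RULE_PATTERN)


def blocked_by_filesmatch_rule(filename: str) -> bool:
    """Simulate <FilesMatch "(?i)\\.php$"> on the file's basename."""
    return FIXED_RULE_REGEX.search(filename) is not None


def unprotected_uploads(filenames):
    """Names the old rule leaves executable but the corrected rule denies,
    i.e. what an administrator should look for after applying the fix."""
    return [f for f in filenames
            if blocked_by_filesmatch_rule(f) and not blocked_by_files_rule(f)]


# Constructed directory listing standing in for wp-content/uploads.
SAMPLE_LISTING = ["image.jpg", "shell.php", "shell.PHP", "shell.pHp", "notes.php.txt"]

if __name__ == "__main__":
    for name in SAMPLE_LISTING:
        print(f"{name:14} Files:{blocked_by_files_rule(name)!s:6} "
              f"FilesMatch:{blocked_by_filesmatch_rule(name)}")
    print("missed by old rule:", unprotected_uploads(SAMPLE_LISTING))
```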

The topic ‘Bypass PHP file execution restriction’ is closed to new replies.