Tycoon Talk
PHP Forum
fsockopen() & Socket connection.
Old 09-19-2005, 10:13 AM fsockopen() & Socket connection.
VToria
Posts: 151
Name: Viki
Location: West Yorkshire
This question may be too vague but I'll give it a go... someone informed me last night that one of the scripts on my sites is exploitable using fsockopen().
I've read up as best I (a PHP novice) can on the two things, but it doesn't help me in understanding HOW it could be used to 'own' (as they put it) my Plugboard, never mind how I could prevent it.

Could anyone shed any light? Or do I really need to go into more detail and provide my URL and the code from the script etc.?
Old 09-19-2005, 11:23 AM
ibbo
Posts: 880
Location: Leeds UK
You may need to elaborate a little more.

Are you saying that you have a script that can be connected to via fsockopen (can't they all)?
OR
That your page uses fsockopen to get at content elsewhere?

Either way it would be hard to exploit.

I.e. fputs($fp, "GET / HTTP/1.0\r\n\r\n"); sends a request to the site $fp points to. The site will simply return the page you opened a socket to (it returns the HTML text), so I can see no exploit here either. Whereas fgets($fp, 1024) gets a chunk of data from the page which you can append to a var or spit straight out.

The only real danger is if you have written your own server that is not up to scratch and easily exploited (running as root etc., for example).

If you can elaborate a bit more then .....

Ibbo
Old 09-19-2005, 11:48 AM
VToria
Posts: 151
Name: Viki
Location: West Yorkshire
I'm saying that I have a script that can be connected to via fsockopen, apparently... I really know little about it other than someone has told me they can use fsockopen to exploit it.

This is the script they are talking about:
http://www.swaymyway.com/plug

I could post the code from plug.php also if it helps.
Old 09-20-2005, 05:34 AM
ibbo
Posts: 880
Location: Leeds UK
Well, any page has the potential to be accessed via a socket.

Output from me trying to open a socket to http://www.swaymyway.com/plug
Code:
HTTP/1.1 404 Not Found
Date: Tue, 20 Sep 2005 09:27:49 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /plug/index.php was not found on this server.<P>
<P>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
As I visited your site and downloaded the code, I can assume that this is due to your host checking in the following code.

Code:
// $referer is assumed (it is not shown in the thread) to be the client-sent HTTP_REFERER header
if (($referer != $valid_url1) && ($referer != $valid_url2) && ($referer != $valid_url3) && ($referer != $valid_url4)) {
    // Any request whose Referer is not one of the four allowed URLs gets an error page plus a redirect
    echo "<center><body bgcolor=$bgcolor><font face=$font_error size=$font_error_size color=$font_error_color>Error: Invalid usage<br>Redirecting you now. <meta http-equiv='refresh' content='4; URL=index.php'></font></center>";
    exit();
}
When you open a socket to your doc root http://www.swaymyway.com we get a successful hit and it returns the page as expected.
Code:
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2005 09:31:08 GMT
Server: Apache
Last-Modified: Sat, 14 May 2005 16:20:33 GMT
ETag: "1128db-b9d-42862551"
Accept-Ranges: bytes
Content-Length: 2973
Connection: close
Content-Type: text/html
So through my attempts to open a socket to http://www.swaymyway.com/plug I always fail, while opening a socket to http://www.swaymyway.com/ succeeds, which is why I assume your URL checking is actually working and denying access for the plug directory: requesting GET /plug "fails", as does GET /plug/index.php, but not GET /.

I think you should have little to worry about (but no harm in being paranoid). But I could be totally wrong, and spending 1/2 hour messing about does not in any way mean that I or anyone else has tested it to the max.

Ibbo
Last edited by ibbo; 09-20-2005 at 05:41 AM..
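An added example (not code from the thread or from the Plugboard script) that re-creates in Python the two things ibbo describes: the raw HTTP/1.0 request a client writes with fputs() and reads back with fgets($fp, 1024), and the server-side referer allowlist from the posted plug.php. The server runs in-process over a socket pair so it works offline. VALID_REFERERS, the response bodies and the hypothetical paths are constructed stand-ins; the real $valid_url1..4 values are not on the page. It shows why a socket client that sends no Referer gets the "Invalid usage" page, and also that the PHP echo-then-exit path still answers 200 OK, so a server log cannot tell denied requests from served ones by status code. Since Referer is chosen by the client, the check is a usage hint, not an access control.

```python
import socket
import threading

# Constructed stand-ins for $valid_url1..$valid_url4 in the posted plug.php.
VALID_REFERERS = (
    "http://www.swaymyway.com/plug/",
    "http://www.swaymyway.com/plug/index.php",
    "http://swaymyway.com/plug/",
    "http://swaymyway.com/plug/index.php",
)
BODY_OK = b"<html><body>plugboard ok</body></html>"
# Mirrors the PHP echo ... exit(): status stays 200, only the body changes.
BODY_DENIED = b"<html><body>Error: Invalid usage</body></html>"


def parse_request(raw: bytes):
    """Split a raw HTTP/1.0 request head into (method, path, headers); names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def referer_allowed(headers) -> bool:
    """Same test as the PHP: the client-sent Referer must equal one of the allowed URLs."""
    return headers.get("referer", "") in VALID_REFERERS


def handle_request(raw: bytes) -> bytes:
    """Tiny server: apply the referer check to /plug and build an HTTP/1.0 response."""
    method, path, headers = parse_request(raw)
    if method != "GET":
        status, body = b"405 Method Not Allowed", b"Method not allowed"
    elif path.startswith("/plug") and not referer_allowed(headers):
        status, body = b"200 OK", BODY_DENIED      # denied, yet still a 200
    else:
        status, body = b"200 OK", BODY_OK
    return (b"HTTP/1.0 " + status + b"\r\n"
            b"Server: example\r\nContent-Type: text/html\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n"
            b"Connection: close\r\n\r\n" + body)


def raw_fetch(request: bytes) -> bytes:
    """Client side of the fsockopen/fputs/fgets loop, against an in-process server."""
    client, server = socket.socketpair()

    def serve():
        data = b""
        while b"\r\n\r\n" not in data:        # read the request head
            chunk = server.recv(1024)
            if not chunk:
                break
            data += chunk
        server.sendall(handle_request(data))
        server.close()                        # Connection: close

    worker = threading.Thread(target=serve)
    worker.start()
    client.sendall(request)                   # fputs($fp, "GET ... HTTP/1.0\r\n\r\n")
    response = b""
    while True:
        chunk = client.recv(1024)             # fgets($fp, 1024) until the peer closes
        if not chunk:
            break
        response += chunk
    client.close()
    worker.join()
    return response


def status_code(response: bytes) -> int:
    """Numeric status from the status line, e.g. 404 from 'HTTP/1.1 404 Not Found'."""
    return int(response.split(b"\r\n", 1)[0].split(b" ")[1])


def body_of(response: bytes) -> bytes:
    return response.split(b"\r\n\r\n", 1)[1]


def build_request(path: str, referer: str = "") -> bytes:
    """HTTP/1.0 GET; a browser arriving from the plugboard page itself carries a Referer."""
    lines = [f"GET {path} HTTP/1.0", "Host: www.swaymyway.com"]
    if referer:
        lines.append(f"Referer: {referer}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


if __name__ == "__main__":
    for req in (build_request("/plug/"), build_request("/plug/", VALID_REFERERS[0]), build_request("/")):
        resp = raw_fetch(req)
        print(req.split(b"\r\n")[0], status_code(resp), body_of(resp))
```

Running it prints the three cases ibbo tried: a bare socket request to /plug/ gets the "Invalid usage" body, the same request with the site's own page as Referer gets the normal body, and GET / is served regardless; all three carry status 200.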
Old 09-20-2005, 11:11 AM
VToria
Posts: 151
Name: Viki
Location: West Yorkshire
Thanks for taking the time to do that. Like I said, I'm a novice, so it's a relief to hear from someone more advanced that things should be OK.

Thanks again.