Nikto : protect your Apache server against a LFI vulnerability

Thursday 7 July 2016 (2016-07-07)

Saturday 14 September 2024 (2024-09-14)

🇬🇧

Goal#

How to protect your apache server against a LFI vulnerability that can be found with Nikto .

/autohtml.php?op=modload&mainfile=x&name=/etc/passwd : php-proxima 6.0 and below allows arbitrary files to be retrieved.

Nikto test#

https://raw.githubusercontent.com/sullo/nikto/master/program/databases/db_tests

"000548","9028","5","/autohtml.php?op=modload&mainfile=x&name=/etc/passwd","GET","root:","","","","","php-proxima 6.0 and below allows arbitrary files to be retrieved.","",""

Protection#

To do so, you have to disable trailing pathname by disabling the AcceptPathInfo directive:

For example edit your vhost configuration:
- vim /etc/apache2/vhosts.d/vhostname.conf (openSUSE)
- vim /etc/apache2/sites-available/example.com.conf (Debian/Ubuntu)
- vim /etc/httpd/sites-available/example.com.conf (CentOS/RHEL/Fedora)
And in the <Directory> section add the directive AcceptPathInfo Off or turn it to Off if already existing
Save your config file
Restart apache:
- systemctl restart apache2.service (openSUSE)
- service apache2 restart (Debian/Ubuntu)
- systemctl restart httpd.service (CentOS/RHEL/Fedora)
- apachectl restart (generic)

security

Goal#

Nikto test#

Protection#