security

Nikto : protect your Apache server against a LFI vulnerability

noraj (Alexandre ZANNI)
, , ,
🇬🇧

Goal#

How to protect your apache server against a LFI vulnerability that can be found with Nikto .

1
/autohtml.php?op=modload&mainfile=x&name=/etc/passwd : php-proxima 6.0 and below allows arbitrary files to be retrieved.

Nikto test#

https://raw.githubusercontent.com/sullo/nikto/master/program/databases/db_tests

1
"000548","9028","5","/autohtml.php?op=modload&mainfile=x&name=/etc/passwd","GET","root:","","","","","php-proxima 6.0 and below allows arbitrary files to be retrieved.","",""

Protection#

To do so, you have to disable trailing pathname by disabling the AcceptPathInfo directive:

  • For example edit your vhost configuration:
    • vim /etc/apache2/vhosts.d/vhostname.conf (openSUSE)
    • vim /etc/apache2/sites-available/example.com.conf (Debian/Ubuntu)
    • vim /etc/httpd/sites-available/example.com.conf (CentOS/RHEL/Fedora)
  • And in the <Directory> section add the directive AcceptPathInfo Off or turn it to Off if already existing
  • Save your config file
  • Restart apache:
    • systemctl restart apache2.service (openSUSE)
    • service apache2 restart (Debian/Ubuntu)
    • systemctl restart httpd.service (CentOS/RHEL/Fedora)
    • apachectl restart (generic)
Share