1. Introduction
The Advanced Poll info.php Remote Information Disclosure vulnerability allows attackers to view a PHP script that reveals sensitive information about the web server and its configuration. This can help an attacker plan further attacks against the system, potentially leading to compromise of data or services. Systems running Chien Kien Uong’s Advanced Poll are affected. A successful exploit could lead to full disclosure of system details, impacting confidentiality.
2. Technical Explanation
The vulnerability exists because the ‘info.php’ file in the default Advanced Poll installation calls the ‘phpinfo()’ function, which displays detailed PHP configuration information. An attacker can directly access this file via a web browser to gather details about the server environment. This is identified as CVE-2003-1181.
- Root cause: The default installation includes an insecure file (‘info.php’) exposing sensitive system information through ‘phpinfo()’.
- Exploit mechanism: An attacker simply requests the ‘info.php’ file via HTTP(S). For example, http://example.com/info.php.
- Scope: Chien Kien Uong’s Advanced Poll PHP script is affected.
3. Detection and Assessment
You can confirm the vulnerability by checking for the presence of the ‘info.php’ file on the web server, or by attempting to access it directly via a browser. Scanning tools may also identify this issue.
- Quick checks: Use ls -l /path/to/advanced-poll/info.php (Linux) or check the Advanced Poll directory in your file manager.
- Scanning: Nessus plugin ID 342493 may detect this vulnerability. This is an example only; results may vary.
- Logs and evidence: Web server logs will show requests for ‘info.php’ if accessed.
# Example command to check file existence (Linux)
ls -l /var/www/html/advanced-poll/info.php
4. Solution / Remediation Steps
The solution is to delete the ‘info.php’ file from the Advanced Poll installation directory. This removes the information disclosure risk.
4.1 Preparation
- There are no dependencies for this fix. Change windows are not usually needed for this simple change.
4.2 Implementation
- Step 1: Delete the ‘info.php’ file using a command like rm /path/to/advanced-poll/info.php (Linux) or delete it through your file manager.
4.3 Config or Code Example
No config change is needed, only deletion of the vulnerable file.
Before
# File exists: /var/www/html/advanced-poll/info.php
After
# File does not exist: /var/www/html/advanced-poll/info.php
4.4 Security Practices Relevant to This Vulnerability
Secure defaults and regular security reviews can help prevent this issue. Least privilege reduces the impact if an attacker gains information about the system.
- Practice 1: Implement least privilege access controls to limit the potential damage from compromised accounts or exposed information.
- Practice 2: Regularly review default configurations of web applications and remove unnecessary files or features that could expose sensitive data.
4.5 Automation (Optional)
A simple script can automate file deletion, but be careful with permissions.
#!/bin/bash
# Check if the file exists before attempting to delete it
if [ -f "/var/www/html/advanced-poll/info.php" ]; then
    rm "/var/www/html/advanced-poll/info.php"
    echo "File info.php deleted."
else
    echo "File info.php does not exist."
fi
5. Verification / Validation
Verify the fix by attempting to access ‘info.php’ again via a web browser. The page should no longer be accessible, and you should receive an error (e.g., 404 Not Found). Check your web server logs to confirm.
- Post-fix check: Attempting to access http://example.com/info.php should result in a 404 Not Found error.
- Re-test: Repeat the quick checks from section 3; ‘ls -l /path/to/advanced-poll/info.php’ should now show that the file does not exist.
- Monitoring: Monitor web server logs for any unexpected access attempts or errors related to missing files.
# Example post-fix check (Linux)
curl -I http://example.com/info.php
HTTP/1.1 404 Not Found
6. Preventive Measures and Monitoring
Update security baselines to include checks for unnecessary files in web application installations. Implement regular vulnerability scanning during the CI or deployment process.
- Baselines: Update your security baseline to require removal of default, insecure files like ‘info.php’ from web applications.
- Pipelines: Add a static analysis check to your CI/CD pipeline that flags the presence of sensitive files in web application code.
- Asset and patch process: Review all third-party components regularly for known vulnerabilities.
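As an added example (not part of the original advisory or the Advanced Poll package), the following POSIX shell check fits the pipeline and automation steps above: rather than looking only for a file named info.php, it greps every PHP file under a web root for a phpinfo() call, so a renamed or second copy is also flagged. The web root path and directory layout in the demo are assumptions.

```shell
#!/bin/sh
# Added example: CI gate that flags any PHP file under a web root that calls
# phpinfo(). File names are not trusted; the call itself is what is searched.

# find_phpinfo_files WEBROOT
# Prints the path of every *.php file under WEBROOT containing a phpinfo() call.
# The pattern also matches a commented-out call, which is acceptable for a gate
# that errs on the side of reporting.
find_phpinfo_files() {
    find "$1" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | sort
}

# check_webroot WEBROOT
# Returns 0 when no phpinfo() call is present, 1 otherwise; prints hits to stderr.
check_webroot() {
    hits=$(find_phpinfo_files "$1")
    if [ -n "$hits" ]; then
        printf 'phpinfo() exposed in:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# demo: builds a constructed web root (hypothetical layout) with one offending
# file, runs the gate, and cleans up. Returns the gate's exit status (1 here).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/advanced-poll"
    printf '<?php phpinfo(); ?>\n' > "$root/advanced-poll/info.php"
    printf '<?php echo "poll";\n' > "$root/advanced-poll/index.php"
    check_webroot "$root"
    rc=$?
    rm -rf "$root"
    return $rc
}

# Usage in a pipeline: sh check_phpinfo.sh /var/www/html  (non-zero exit fails the build)
if [ $# -gt 0 ]; then
    check_webroot "$1"
fi
```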
7. Risks, Side Effects, and Roll Back
Deleting ‘info.php’ should not cause any service disruption. However, if you are unsure of its purpose, back up the file first. To roll back, restore the backup.
- Risk or side effect 1: There is minimal risk associated with deleting this file.
- Roll back: Restore the Advanced Poll installation directory from your backup.
8. References and Resources
Official advisories provide detailed information about this vulnerability.
- Vendor advisory or bulletin: https://www.securityfocus.com/archive/1/342493
- NVD or CVE entry: CVE-2003-1181