Vigil@nce - PHP: connection to another port via fsockopen
April 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who controls the first parameter of PHP's fsockopen()
function can use it to connect to an unexpected port.
– Impacted products: Debian, PHP.
– Severity: 1/4.
– Creation date: 28/03/2017.
DESCRIPTION OF THE VULNERABILITY
The PHP language offers the fsockopen() function, which is used to
open a socket. For example:
fsockopen("192.168.1.1", 80, [...]);
However, the following syntax is also accepted:
fsockopen("192.168.1.1:81", 80, [...]);
In this case, the connection is made to port 81 instead of 80.
An attacker who controls the first parameter of PHP's fsockopen()
function can therefore use it to connect to an unexpected port.
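One way for calling code to guard against this, shown as an added example that is not part of the bulletin or of PHP itself: the helper names assert_bare_host() and open_fixed_port() are hypothetical, and the sample hosts are constructed. The host string is restricted to a bare hostname or IPv4 literal, and the peer port is checked after the connection is made.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of PHP or of the bulletin.

/**
 * Accept only a bare hostname or IPv4 literal. Anything containing ':'
 * (an embedded port, a "tcp://" style prefix, an IPv6 literal) is rejected,
 * so the port argument given to fsockopen() is the only port in play.
 */
function assert_bare_host(string $host): string
{
    if (!preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/', $host)) {
        throw new InvalidArgumentException('host must be a bare hostname or IPv4 address');
    }
    return $host;
}

/** Open a TCP connection to $host on exactly $port, or throw. */
function open_fixed_port(string $host, int $port, float $timeout = 5.0)
{
    $fp = @fsockopen(assert_bare_host($host), $port, $errno, $errstr, $timeout);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    // Defence in depth: confirm the peer port is the one requested.
    // stream_socket_get_name() returns the peer formatted as address:port.
    $peer = stream_socket_get_name($fp, true);
    $colon = is_string($peer) ? strrpos($peer, ':') : false;
    if ($colon === false || (int) substr($peer, $colon + 1) !== $port) {
        fclose($fp);
        throw new RuntimeException('connected to an unexpected port');
    }
    return $fp;
}

// Constructed sample inputs; the second is the form shown in the bulletin.
foreach (['192.168.1.1', '192.168.1.1:81', 'tcp://192.168.1.1:81', 'example.com'] as $h) {
    try {
        assert_bare_host($h);
        echo "accepted: $h\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $h\n";
    }
}
```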
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/PHP-connection-to-another-port-via-fsockopen-22262