Article ID: 6439, created on Jun 17, 2009, last review on May 10, 2014

  • Applies to:
  • Confixx Professional 3

Symptoms

Security-sensitive information can be disclosed on a Confixx 3.x Pro installation when the PHP register_globals directive is set to On.

Resolution

Set the PHP register_globals directive to Off. Typically the directive is enabled in php.ini.

  1. Log in to your Confixx server via SSH as root
  2. Locate php.ini on your Confixx installation
  3. Open php.ini using a text editor
  4. Locate the register_globals directive and make sure it is set to Off

Additional information

php.ini is not the only place where the register_globals directive can be enabled. To make sure that the directive is disabled on your installation, take the following steps:

  1. Log in to your Confixx server via SSH as root
  2. Change directory to the Confixx HTML directory, typically /var/www/confixx/html. Alternatively, the Confixx HTML directory can be obtained from the $confixx_htmlDir variable in the confixx_main.conf file.
  3. Create a test PHP page that calls the phpinfo() function:

     echo '<?php phpinfo(); ?>' > phpinfo.php

  4. Change ownership of the created phpinfo.php file to the Confixx web pages user and group, typically confixx:confixx:

     chown confixx:confixx phpinfo.php

  5. In a web browser, open the created page URL: http://your_confixx_installation_url/phpinfo.php
  6. On the page you’ve opened, locate the register_globals directive and make sure it is set to off.
  7. Please do not forget to remove the phpinfo.php file after you have verified the register_globals directive state.
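Because the directive can be enabled outside php.ini, a static scan of configuration files helps find where it is being switched on. The following is an added example, not part of the original article or the vendor's tooling; the function name scan_register_globals and the list of file names it inspects (php.ini, .user.ini, .htaccess, *.conf) are assumptions about a typical Apache and PHP setup.

```shell
#!/bin/sh
# Added example, not vendor code. scan_register_globals is a hypothetical helper.
# Prints "file:line:text" for every active line that enables register_globals.
# Returns 0 if at least one such line exists, 1 if none.
scan_register_globals() {
    # Assumed places where a server-wide or per-directory override can live.
    find "$@" -type f \( -name 'php.ini' -o -name '.user.ini' \
        -o -name '.htaccess' -o -name '*.conf' \) -print 2>/dev/null |
    while IFS= read -r f; do
        awk -v file="$f" '
            /^[ \t]*[;#]/ { next }    # commented out: ";" in ini, "#" in Apache
            {
                l = tolower($0)
                # ini form: register_globals = On (also 1, true, yes)
                ini = (l ~ /^[ \t]*register_globals[ \t]*=[ \t]*"?(on|1|true|yes)"?[ \t]*(;.*)?$/)
                # Apache mod_php form: php_flag, php_admin_flag, php_value, php_admin_value
                apache = (l ~ /^[ \t]*php_(admin_)?(flag|value)[ \t]+register_globals[ \t]+"?(on|1|true|yes)"?[ \t]*$/)
                if (ini || apache) printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done | grep .    # pass hits through; exit status 1 when there are none
}

# Usage: sh scan.sh DIR...   for example the Confixx HTML directory
# (/var/www/confixx/html in the article) plus your PHP and web server
# configuration directories, whose paths depend on the distribution.
if [ "$#" -gt 0 ]; then
    scan_register_globals "$@" || echo "no line enabling register_globals found" >&2
fi
```

The scan only shows where the setting is written down; the phpinfo() page remains the check of the value that is actually in effect for the Confixx HTML directory.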
