Facebook HHVM Insecure File Caching via cached.php |

Post Pic Not Available

Bug Type: Insecure Caching caused Local File Inclusion from down directories
Script Url: http://hhvm.com/
Buggy File: Cached.php
Status : Fixed

Detailed WriteUp: Hey all :) , Back in April i reported a code bug in facebook HHVM package. It was fixed lately by HHVM Team. If you have no idea what is HHVM then you can follow this link : http://hhvm.com
So following are details : Below is the extracted package of hhvm.
Cached.php file is used to cache javascript and css files . Example: http://localhost:1337/hhvm/cached.php?f=styles%2Ftheme-base.css
But it doesnt restrict to load only js and css files. Here is code that load file passed in GET parameter "f" .
Now lets try loading some local php file. http://localhost:1337/hhvm/cached.php?f=search.php
In this way we can access the source of any php files that are down the directory, Up directory wont work due to the protection in the code , so we cant access any etc/passwd etc.
Facebook replies


This bug is fixed now .
Thanks for reading :)

Share It!

Comments

comments powered by Disqus