Bug Type: Insecure caching leading to Local File Inclusion of files in subdirectories
Script Url: http://hhvm.com/
Buggy File: Cached.php
Status : Fixed
Detailed WriteUp: Hey all 🙂, back in April I reported a code bug in Facebook's HHVM package. It was fixed recently by the HHVM team. If you have no idea what HHVM is, you can follow this link: http://hhvm.com
So here are the details. Below is the extracted HHVM package:
The Cached.php file is used to cache and serve JavaScript and CSS files. Example:
But it does not restrict loading to .js and .css files. Here is the code that loads the file passed in the GET parameter "f":
Now let's try loading a local PHP file:
In this way we can read the source of any PHP file located in or below the script's directory (the file is returned as raw bytes rather than executed, so anything in it, such as credentials in a config file, is disclosed). Traversal to an upper directory does not work because of the protection in the code, so files such as /etc/passwd cannot be accessed.
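To make the two behaviours concrete, here is an added example. It is not HHVM's actual Cached.php (the writeup does not reproduce that code); it is a hypothetical serve script showing the vulnerable pattern described above next to a hardened version. The function names, the `static/` directory and the sample file names (`app.js`, `admin/config.php`, `leak.js`) are all assumptions.

```php
<?php
// Added example, not HHVM's actual Cached.php (its code is not reproduced
// in the writeup). Function names, the "static" directory and the sample
// file names are all hypothetical.

// VULNERABLE pattern the writeup describes: the only check is against
// upward traversal, so any existing file in or below the script's
// directory is returned, PHP sources included.
function vulnerable_path(string $f, string $dir): ?string
{
    if (strpos($f, '..') !== false) {
        return null;                      // blocks ../../etc/passwd only
    }
    $path = $dir . '/' . $f;
    return is_file($path) ? $path : null; // admin/config.php passes
}

// HARDENED: allowlist the extension, resolve the real path, and confine
// it to a directory that holds nothing but static assets.
// Returns [absolute path, content type] or null when the request is refused.
function hardened_path(string $f, string $staticDir): ?array
{
    $allowed = ['js' => 'application/javascript', 'css' => 'text/css'];
    $ext = strtolower(pathinfo($f, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                      // .php, .ini, .htaccess ... refused
    }
    $base = realpath($staticDir);
    $real = realpath($staticDir . '/' . $f); // false if the file does not exist
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // realpath() has collapsed "..", "./" and symlinks, so a prefix check
    // (including the separator, so "static2/" cannot match "static/")
    // guarantees the target really lives under $staticDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return [$real, $allowed[$ext]];
}

// What a request handler would do with the hardened result.
function serve(string $f, string $staticDir): void
{
    $hit = hardened_path($f, $staticDir);
    if ($hit === null) {
        http_response_code(404);          // same answer whether or not it exists
        return;
    }
    [$path, $type] = $hit;
    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');
    readfile($path);                      // raw bytes, which is fine for js/css
}

// Offline demo with constructed files:  php cached_demo.php
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
    mkdir("$root/static", 0700, true);
    mkdir("$root/admin", 0700, true);
    file_put_contents("$root/static/app.js", "console.log('hi');\n");
    file_put_contents("$root/admin/config.php", "<?php \$dbPassword = 'hunter2';\n");
    // A symlink inside static/ pointing outside it: an extension check alone
    // would let it through, realpath() exposes the real target.
    @symlink("$root/admin/config.php", "$root/static/leak.js");

    echo "vulnerable (base = script directory):\n";
    foreach (['static/app.js', 'admin/config.php', '../../etc/passwd'] as $f) {
        // admin/config.php is returned: its PHP source would be disclosed
        printf("  ?f=%-22s -> %s\n", $f, vulnerable_path($f, $root) ?? 'refused');
    }
    echo "hardened (base = static/):\n";
    foreach (['app.js', '../admin/config.php', 'leak.js'] as $f) {
        $hit = hardened_path($f, "$root/static");
        printf("  ?f=%-22s -> %s\n", $f, $hit ? $hit[0] : 'refused');
    }
}
```

The vulnerable function illustrates the writeup's point: a substring check for `..` stops `/etc/passwd` but says nothing about what is served, so `admin/config.php` comes back as source. The hardened version fixes the actual bug (no allowlist) and also closes the symlink and encoding variants that a `..` check misses, by deciding on the resolved path rather than on the request string.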
Facebook's reply:
This bug is fixed now .
Thanks for reading 🙂