Facebook HHVM Insecure File Caching via cached.php

Bug Type: Insecure caching leading to Local File Inclusion (disclosure of files in subdirectories)
Script URL: http://hhvm.com/
Buggy File: cached.php
Status: Fixed

Detailed Write-up: Hey all 🙂, back in April I reported a code bug in the Facebook HHVM package. It was recently fixed by the HHVM team. If you have no idea what HHVM is, you can follow this link: http://hhvm.com
Here are the details. Below is the extracted hhvm package.

The cached.php file is used to cache JavaScript and CSS files. Example:

http://localhost:1337/hhvm/cached.php?f=styles%2Ftheme-base.css

But it does not restrict itself to loading only .js and .css files. Here is the code that loads the file passed in the GET parameter "f".

Now let's try loading a local PHP file instead.

http://localhost:1337/hhvm/cached.php?f=search.php

In this way we can read the source of any PHP file in the same directory or below it. Going up the directory tree does not work because of the protection in the code, so files such as /etc/passwd cannot be read.
Facebook's reply:
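The two controls the post describes are the ones that matter here: the traversal check that the original code already had (which is why "../" paths fail), and the extension allow-list it was missing (which is why "search.php" was served as though it were a stylesheet). The following is an added example of how a cache endpoint like this can enforce both; it is not HHVM's own cached.php, and the cache directory name, the constants and the function names are assumptions made for illustration.

```php
<?php
// Added example, not HHVM's cached.php. Assumed layout: the assets live under
// CACHE_ROOT, and only the extensions in ALLOWED_EXT may ever be served.
const CACHE_ROOT  = __DIR__ . '/static';   // assumed asset directory
const ALLOWED_EXT = ['css' => 'text/css', 'js' => 'application/javascript'];

/**
 * Map a user-supplied relative path (the "f" parameter) to an absolute path
 * inside CACHE_ROOT. Returns null whenever the request must be refused.
 */
function resolve_cached_asset(string $requested): ?string
{
    // Reject empty input, embedded null bytes and absolute paths up front,
    // before anything touches the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }

    // Canonicalise both sides: realpath() collapses "..", "." and symlinks,
    // so the confinement check below cannot be bypassed by path tricks.
    $root = realpath(CACHE_ROOT);
    $path = realpath(CACHE_ROOT . '/' . $requested);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }

    // Confinement: the resolved file must sit strictly below the cache root.
    // This is the check that already blocked "../" in the reported code.
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }

    // Extension allow-list, applied to the *resolved* path so a symlink named
    // x.css cannot point at a .php file. This is the check that was missing:
    // without it, f=search.php returns PHP source instead of an asset.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_EXT[$ext])) {
        return null;
    }

    return $path;
}

function serve_cached_asset(string $requested): void
{
    $path = resolve_cached_asset($requested);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    header('Content-Type: ' . ALLOWED_EXT[$ext]);
    header('Cache-Control: public, max-age=86400');
    readfile($path);
}

// Entry point, equivalent to cached.php?f=styles/theme-base.css
serve_cached_asset((string) ($_GET['f'] ?? ''));
```

With these checks, `f=styles/theme-base.css` resolves and is served with a CSS content type, while `f=search.php`, `f=../config.php` and `f=search.php%00.css` all yield a 404. Ordering matters: the extension is checked on the canonicalised path, not on the raw parameter, so it reflects the file that would actually be read.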

This bug is fixed now.
Thanks for reading 🙂
