Author Topic: HTTPOXY Exploit in caddy environments, again through persistent php weaknesses!


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
We have, for instance, a Vimeo videoproxybid; 80 get body, -snt.ru & -proxyzan dot com.
No, I will withhold the exact IP and location... we have to be responsible...

Exploitable with older versions of Caddy server via Run 'wget -S -header='Proxy': 1.2.3.4 : 8080

One can test this at https://yourdomain.com and grep on info.php
Yes, php stays a 'can of worms' always.
A remedy is to strip the header, but how to do this?
Re the manual: https://www.tutorialspoint.com/php/php_split.htm &
https://www.geeksforgeeks.org/split-a-comma-delimited-string-into-an-array-in-php/

Quote
127.0.0.1:80 {
    root domains/localhost
    fastcgi / 127.0.0.1:9000 {
        ext .php
        split .php
        index index.php
        env HTTP_PROXY ""
    }
    errors
}
Info credits go to NIXTREN on https://github.com/mholt/caddy/issues/955
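To make clear why the `env HTTP_PROXY ""` line in the quoted Caddyfile works, here is an added example (my own code, not polonus's and not from the Caddy project) that models how a CGI/FastCGI gateway turns request headers into environment variables, why a client-sent `Proxy:` header lands in `HTTP_PROXY`, and what forcing that variable to an empty string changes. It also asks Python's own urllib which proxy it would pick up under such an environment, since CPython (2.7.12 / 3.5.2 and later) ignores an upper-case `HTTP_PROXY` when `REQUEST_METHOD` is set. The header values and the `proxy.internal` address are constructed sample data.

```python
"""Toy model of the httpoxy issue discussed in the thread.

A CGI/FastCGI gateway copies every request header into an environment
variable named HTTP_<HEADER>.  A client-supplied "Proxy:" header therefore
becomes HTTP_PROXY, which many HTTP client libraries read as the outbound
proxy to use.  The functions below model the gateway, the mitigation from
the Caddyfile quoted above (HTTP_PROXY forced to an empty string), and the
behaviour of a naive client versus Python's patched urllib.
"""
import os
from typing import Dict, Optional
from unittest import mock
from urllib.request import getproxies_environment


def header_to_cgi_name(header_name: str) -> str:
    """CGI (RFC 3875) mapping: upper-case, '-' becomes '_', prefixed HTTP_."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def cgi_env_from_headers(headers: Dict[str, str], neutralise_proxy: bool) -> Dict[str, str]:
    """Build the environment a gateway would hand to a PHP/CGI child.

    REQUEST_METHOD is always present in a CGI environment; it is what lets
    libraries tell "I am running under a web server" apart from a shell.
    """
    env = {"REQUEST_METHOD": "GET"}
    for name, value in headers.items():
        env[header_to_cgi_name(name)] = value
    if neutralise_proxy:
        # Equivalent of `env HTTP_PROXY ""` in the fastcgi block: the variable
        # is always set, but empty, so a client cannot populate it.
        env["HTTP_PROXY"] = ""
    return env


def outbound_proxy_seen_by_naive_client(env: Dict[str, str]) -> Optional[str]:
    """Model of a client library that trusts HTTP_PROXY unconditionally."""
    return env.get("HTTP_PROXY") or None


def outbound_proxy_seen_by_python(env: Dict[str, str]) -> Optional[str]:
    """Ask Python's urllib which HTTP proxy it would use under `env`.

    Patched CPython drops an upper-case HTTP_PROXY when REQUEST_METHOD is
    set, but still honours a lower-case http_proxy configured by the operator.
    """
    with mock.patch.dict(os.environ, env, clear=True):
        return getproxies_environment().get("http")


if __name__ == "__main__":
    # Constructed request: a client smuggling a proxy address in a header.
    hdrs = {"Host": "example.test", "Proxy": "203.0.113.10:8080"}
    for flag in (False, True):
        env = cgi_env_from_headers(hdrs, neutralise_proxy=flag)
        print("HTTP_PROXY neutralised:", flag)
        print("  naive client would use :", outbound_proxy_seen_by_naive_client(env))
        print("  patched Python would use:", outbound_proxy_seen_by_python(env))
```

The naive-client path is the one PHP code using libcurl or Guzzle without a fix sits on, which is why the header has to be neutralised at the gateway rather than trusted to every library behind it.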

Detected thanks to the wonderful folks that map all that insecurity at CENSYS. ;)


polonus (volunteer webserver error hunter)

« Last Edit: June 01, 2019, 08:13:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

For -http://s7.addthis.com/js/300/addthis_widget.js#pubid=rizicn on http://proxyzan.info/
https://www.virustotal.com/gui/url/f641a92d16b2faeef556efc2f01c85dcbe5e282642659e129ba7b6933a8fd6e4/community
Hunt down everything that has more than two IPs and tracks! :)
Results from scanning URL: -//s7.addthis.com/js/300/addthis_widget.js#pubid=rizicn
Number of sources found: 41
Number of sinks found: 16  related to -http://avpn.win.site2preview.com/
link: http://avpn.win/edit-browser.php

pol