Re: [Full-disclosure] PHP Command/Safemode Exploit

From: Christopher Kunz (christopher.kunz_at_hardened-php.net)
Date: 07/29/05

    Date: Fri, 29 Jul 2005 23:16:45 +0200
    
    

    Christopher Kunz wrote:

    > If you filter user input correctly, there's absolutely nothing to worry.
    > You might, however, want to check out the Hardening Patch for PHP
    > (http://www.hardened-php.net/, shameless plug) which permits include()

    "disallows", of course. It has been a long week, I apologize.

    --ck
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

