eAccelerator encoder files backup Vulnerability

From: linuxrootkit2008@xxxxxxxxx
Date: 2 Jul 2009 03:19:03 -0000

eAccelerator encoder files backup Vulnerability

1.Description
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

2. The Vulnerability

eAccelerator has a function which encode php source in encoder.php.
You can backup all system files to specify directory or specify files.Of course you can upload image to Web Server and backup it to the web directory
so you can ...........

3.II. Disclosure Timeline
2009/06/29 Vendor contact.
2009/06/30 Public Disclosure.

4. Thanks
all of Whitehat Community's friend && Great Milw0rm!
2009/06/30 by cnbird

Sorry my bad english!

Prev by Date: Sourcefire 3D Sensor and DC, privilege escalation vulnerability
Next by Date: [oCERT-2009-009] CamlImages integer overflows
Previous by thread: Sourcefire 3D Sensor and DC, privilege escalation vulnerability
Next by thread: [oCERT-2009-009] CamlImages integer overflows
Index(es):
- Date
- Thread

Relevant Pages

Re: DFHSM MAXBACKUPTASKS(1) using 2 drives
... I ask this because 2 Backup Tasks is the default value. ... If you do not specify this parameter on any SETSYS ... DFHSM MAXBACKUPTASKSusing 2 drives ... We are a small shop and do not have a lot of tape ...
(bit.listserv.ibm-main)
Re: OpenVms Backup
... Let's go one further and specify ... Of course if you have hot backup systems, and reduncancy, you can take ... the time to rebuild a system disk and rebuild the lost files. ...
(comp.os.vms)
RE: Using NT Backup to make daily tape backup of member server.
... daily backup use Windows SBS Backup system: ... Specify the backup type, destination, and name in the appropriate boxes, ... The Schedule Job dialog box appears so you can configure when and how ... the name and password with which the scheduled backup job will run. ...
(microsoft.public.windows.server.sbs)
Re: NT Backup Fails to External HD - Insufficient Disk Space
... But you don't specify how big your drive is? ... Did you specify to append or overwrite? ... "Insufficient disk space. ... When I created each backup job, ...
(microsoft.public.windows.server.sbs)
Re: What backup software do you recommend?
... Well, I do want the backup to have the same files, ... I want to take folders A, C, F, H, and I (or ... whatever media I specify on whatever schedule I specify. ... Retrospect is very powerful. ...
(comp.sys.mac.apps)