[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PHP Bug] How to hide a HTTP request in the apache logs

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [PHP Bug] How to hide a HTTP request in the apache logs
From: Max Valdez <maxvalde@xxxxxxxxxxx>
Date: Mon, 9 Aug 2004 16:14:29 -0500

works on Apache/2.0.50 PHP 4.3.8
over gentoo.

The subject is a little bit missleading, because the user has to be able to 
insert the code under documento root. Cant see any security concern on that 
code with social engeniering not involved.

Max

-- 
Linux garaged 2.6.7-rc3-mm2 #2 Sat Jun 19 15:43:32 CDT 2004 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M-- 
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z**
------END GEEK CODE BLOCK------
gpg-key: http://garaged.homeip.net/gpg-key.txt

References:
- [PHP Bug] How to hide a HTTP request in the apache logs
  - From: Anthony Debhian

Prev by Date: First symbian OS trojan discovered in the wild
Next by Date: MDKSA-2004:080 - Updated shorewall packages fix temporary file vulnerabilities
Previous by thread: Re: [PHP Bug] How to hide a HTTP request in the apache logs
Next by thread: EXPLOIT Re: Pavuk Digest Authentication Buffer Overflow
Index(es):
- Date
- Thread