[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade

To: VeNoMouS <venom@xxxxxxxxxxx>
Subject: [Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade
From: "C. McCohy" <mccohy@xxxxxxxxxxxx>
Date: Thu, 8 Jul 2004 09:47:57 +0200 (CEST)

So, finally I have identified the problem, which was in fact, that the
construction used for calling a command via the backtick operator did not
use the php_escape_shell_cmd() internal function, which escapes some
'ugly/unwanted' characters, like '&', ';', '|' and others. This function
is already used if the command is called via exec(), system() or popen()
functions, so these were not vulnerable.

New patches for all versions are available on the project homepage
http://kyebrdigi.cz/projects/execdir

--
Baj ... C. McCohy

While you are reading this text, an essential hacking tool
is being silently installed on your computer.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] php-exec-dir vulnerable after latest upgrade
  - From: VeNoMouS

Prev by Date: Re: [Full-Disclosure] denial of service on ISN list
Next by Date: [Full-Disclosure] Fw: Funny Ass
Previous by thread: [Full-Disclosure] php-exec-dir vulnerable after latest upgrade
Next by thread: [Full-Disclosure] Nokia 3560 Remote DOS
Index(es):
- Date
- Thread