Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Fw: php-exec-dir vulnerable?
From: "VeNoMouS" <venom () gen-x co nz>
Date: Thu, 8 Jul 2004 10:59:38 +1200

Php-exec-dir been fixed for those who care.

http://kyberdigi.cz/projects/execdir/english.html for those who need english heh

VeNoMouS reported that you can execute commands out of specified directories if you prepend a ';' character to the beginning of the command and try to execute it with the backtick operator. In original safe_mode_exec_dir the backtick operator is turned off, in this patch it is not. Therefore, all the patches listed here were updated with a simple fix that ignores commands to be run through the backtick operator contaning this dangerous character. A warning will be printed to standard output and command will not be run. You are strongly encouraged to download new patch for your version of PHP. The patches listed in section download are correct ones, so check the MD5 of the patch you have to those in the list. All version from 4.3.2 to 4.3.7 (inclusive) were vulnerable.

----- Original Message ----- From: "C. McCohy" <mccohy () kyberdigi cz>
To: "VeNoMouS" <venom () gen-x co nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?

Ok I fixed all patches to all previous and current versions of the patch,
description can be found on the project homepage

Please inform all internet groups you have informed about the bug before.

Baj ... C. McCohy

While you are reading this text, an essential hacking tool
is being silently installed on your computer.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • Fw: php-exec-dir vulnerable? VeNoMouS (Jul 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]