mailing list archives
php-exec-dir vulnerable after latest upgrade
From: "VeNoMouS" <venom () gen-x co nz>
Date: Thu, 8 Jul 2004 13:05:24 +1200
$blah = `| /bin/ps aux`;
^^ do a |<space>ps exploits it again
i my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing inside
it and i was still able to execute it, you HAVE to do the space after the
----- Original Message -----
From: "C. McCohy" <mccohy () kyberdigi cz>
To: "VeNoMouS" <venom () gen-x co nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?
Ok I fixed all patches to all previous and current versions of the patch,
description can be found on the project homepage
Please inform all internet groups you have informed about the bug before.
Baj ... C. McCohy
While you are reading this text, an essential hacking tool
is being silently installed on your computer.
Full-Disclosure - We believe in it.
- php-exec-dir vulnerable after latest upgrade VeNoMouS (Jul 08)