|
Full Disclosure
mailing list archives
Re: Apache 2.2.17 exploit?
From: xD 0x41 <secn3t () gmail com>
Date: Wed, 5 Oct 2011 08:53:42 +1100
There is ways to make it*say* things, like show system info etc on stdout,
without using that bug.. lookup a decent connectback shell, most perl ones
have fine stdinout and use printf or other means..
On 5 October 2011 08:39, Kai <kai () rhynn net> wrote:
Hi halfdog,
Just for those, who want to build their own apache shell code for
testing purposes, this snip might be of some use. It uses the still
open tcp connections to the server to spawn the shells, so that no
backconnect is needed. Of course, it does not give remote root but
only httpd user privs. And you should send "exec 1>&0" as first
command if you want to see remote shell stdout.
wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915
---> https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
sorry if i'm talking about different thing.
--
Cheers,
Kai
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Apache 2.2.17 exploit? nix (Oct 03)
Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
Re: Apache 2.2.17 exploit? Nathaniel Hirsch (Oct 03)
Re: Apache 2.2.17 exploit? Andrew Farmer (Oct 03)
(Thread continues...)
|
