| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <011a01c45b1d$c2a774b0$5746370a@nsp.co.nz> From: venom at gen-x.co.nz (VeNoMouS) Subject: flaw in php_exec_dir patch Dude do you even know what php_exec_dir patch is, its a patch so you dont have to turn safe mode on, which disables a bunch of shit that you need, so the patch was a work around simply stop you executing programs. heres a hint, learn about the product b4 you spam a mailing list, i see 5 posts from you asking the exact same question 2 hrs apart from each other you think you could've googled in that time or perhaps fixed your mail queue? either or, stop being so fucking lazy. ----- Original Message ----- From: "npguy" <npguy@...surfer.com.np> To: "VeNoMouS" <venom@...-x.co.nz>; <full-disclosure@...ts.netsys.com> Sent: Friday, June 25, 2004 2:47 AM Subject: Re: [Full-Disclosure] flaw in php_exec_dir patch > is your safe mode on? .. whats ur platorm. > give more details! > > On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote: >> Found a issue last night while testing php_exec_dir patch >> >> if you do the following >> >> $blah=`ps aux`; >> echo nl2br($blah); >> >> php_exec_dir will block the call if you have set the exec_dir parm in php >> or apache >> >> anyway.... if you do this >> >> $blah=`;ps aux`; >> echo nl2br($blah); >> >> it bypasses the exec block and excutes the ps due to the ';', as bash >> interrupts ';' as a new cmd, ive emailed the author but no response. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists