Full Disclosure mailing list archives
Re: GOnicus System Administrator php injection
From: Dmitry Alyabyev <dimitry () al org ua>
Date: Mon, 24 Feb 2003 11:07:01 +0200
On Monday 24 February 2003 01:59, Melvyn Sopacua wrote:
On Sun, 23 Feb 2003, Karol [iso-8859-2] Wiêsek wrote: [snip backgroud, exploit analysis and version info] Ki82Ws>>> Temporary solution is to enable apache .htaccess authentication Ki82Ws>>> in all subdirectories containing .php files, which are included, not Ki82Ws>>> accessed directly. Ki82Ws>>> Ki82Ws>>> Example .htaccess file Ki82Ws>>> Ki82Ws>>> AuthType Basic Ki82Ws>>> AuthName koza Ki82Ws>>> UserAuthFile /dev/null That would be: AuthUserFile /dev/null
This way leds to losing SSI includes of .php files outside the dir -- Dimitry _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GOnicus System Administrator php injection Karol Więsek (Feb 23)
- Re: GOnicus System Administrator php injection Melvyn Sopacua (Feb 23)
- Re: GOnicus System Administrator php injection Dmitry Alyabyev (Feb 24)
- Re: GOnicus System Administrator php injection Melvyn Sopacua (Feb 23)