Full Disclosure mailing list archives
flaw in php_exec_dir patch
From: "VeNoMouS" <venom () gen-x co nz>
Date: Wed, 23 Jun 2004 13:20:18 +1200
Found a issue last night while testing php_exec_dir patch if you do the following $blah=`ps aux`; echo nl2br($blah); php_exec_dir will block the call if you have set the exec_dir parm in php or apache anyway.... if you do this $blah=`;ps aux`; echo nl2br($blah); it bypasses the exec block and excutes the ps due to the ';', as bash interrupts ';' as a new cmd, ive emailed the author but no response.
Current thread:
- flaw in php_exec_dir patch VeNoMouS (Jun 22)
- Re: flaw in php_exec_dir patch npguy (Jun 24)
- Re: flaw in php_exec_dir patch Tim (Jun 25)
- Re: flaw in php_exec_dir patch VeNoMouS (Jun 26)
- Re: flaw in php_exec_dir patch VeNoMouS (Jun 25)
- Re: flaw in php_exec_dir patch npguy (Jun 26)
- ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0 D'Amato Luigi (Jun 26)
- Re: flaw in php_exec_dir patch Tim (Jun 25)
- Re: flaw in php_exec_dir patch npguy (Jun 24)