Full Disclosure mailing list archives
Re: Critical PHP bug - act ASAP if you are running web with sensitive data
From: nocfed <nocfed () gmail com>
Date: Wed, 29 Mar 2006 02:40:49 -0600
On 3/29/06, Tõnu Samuel <tonu () jes ee> wrote:
---SNIP---
There is one vector most people do not seem to know. You can telnet to port 80 and say GET <?php ..... write full script there and include web server log file later. Who knows what else blackhats can do. Every single hole must be closed.
---END SNIP---

Right, that is a vector that nobody knows about unless they have common sense. There were previous bugs with text editor(s) which used logfiles to push the payload. Why someone would ever decide to include parsable logfiles directly into a script is beyond me, and I'm sure is even beyond the kid that has been tinkering around the crap known as php, a god awful scripting language, for but a single day. Are we next going to be told about the little known security flaw of directly putting user input into a system() call that uses sudo(8) with no password verification?

I can't speak for other distros, but there's a bug in Gentoo Bugzilla for this: http://bugs.gentoo.org/127939

Thank you! I think this problem must be fixed in every PHP version, not only 5.1 series. They knew about it but never told. That's bad.

Tõnu
-------------------------------------------------------
Never told? It was in CVS. Do you wish for all OSS projects to just include mailing lists on every bug submitted? From now on we'll just all CC full-disclosure on every bugzilla report and CVS submission that we come across or submit. By the way, why start a new thread with the same subject?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
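The log-injection vector debated in this message, seen from the detection side, as an added example that is not part of the thread: a Python scan of combined-format access log lines for PHP opening tags in the request line, referer and user-agent. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# "combined" log format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?\s*$'
)
# PHP opening tags: <?php, <?= and the short tag <? (but not <?xml).
PHP_TAG = re.compile(r'<\?(?:php|=|(?!xml))', re.IGNORECASE)

def normalise(value):
    """Undo \\xHH log escaping and up to two rounds of URL encoding."""
    value = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)
    for _ in range(2):
        value = unquote(value)
    return value

def find_php_in_log(lines):
    """Return (line_no, host, field) for each logged field carrying a PHP open tag."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            # Lines that do not parse are scanned whole rather than skipped.
            if PHP_TAG.search(normalise(line)):
                hits.append((no, None, "raw"))
            continue
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if value and PHP_TAG.search(normalise(value)):
                hits.append((no, m.group("host"), field))
    return hits

# Constructed sample lines (documentation addresses, harmless marker payloads).
SAMPLE = [
    '192.0.2.10 - - [29/Mar/2006:02:40:49 -0600] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [29/Mar/2006:02:41:02 -0600] "GET <?php echo 1; ?> HTTP/1.0" 400 226 "-" "-"',
    '192.0.2.67 - - [29/Mar/2006:02:41:09 -0600] "GET /%3C%3Fphp%20echo%201%3B%3F%3E HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.68 - - [29/Mar/2006:02:41:15 -0600] "GET / HTTP/1.1" 200 512 "-" "<?= 1 ?>"',
    '192.0.2.11 - - [29/Mar/2006:02:41:20 -0600] "GET /feed HTTP/1.1" 200 90 "-" "<?xml reader"',
]

if __name__ == "__main__":
    for hit in find_php_in_log(SAMPLE):
        print(hit)
```

A hit means the log now holds text that a PHP include() would execute, so it matters only where some script includes the log file or another file that clients can write to.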
Current thread:
- Critical PHP bug - act ASAP if you are running web with sensitive data Tõnu Samuel (Mar 28)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data nocfed (Mar 29)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data Valdis . Kletnieks (Mar 29)
- Re: Critical PHP bug - act ASAP if you are running web with sensitive data nocfed (Mar 29)