Full Disclosure mailing list archives
Re: Apache 2.2.17 exploit?
From: xD 0x41 <secn3t () gmail com>
Date: Wed, 5 Oct 2011 08:55:07 +1100
could be used a very handy 'bind' shell tho... On 5 October 2011 08:51, Andrew Farmer <andfarm () gmail com> wrote:
On 2011-10-04, at 14:39, Kai wrote:Hi halfdog,Just for those, who want to build their own apache shell code for testing purposes, this snip might be of some use. It uses the still open tcp connections to the server to spawn the shells, so that no backconnect is needed. Of course, it does not give remote root but only httpd user privs. And you should send "exec 1>&0" as first command if you want to see remote shell stdout.wasn't that bug fixed a long ago? https://bugs.php.net/bug.php?id=38915 ---> https://issues.apache.org/bugzilla/show_bug.cgi?id=46425 sorry if i'm talking about different thing.It's a generic method of getting a shell set up once you have code execution, not an exploit for any specific bug. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apache 2.2.17 exploit?, (continued)
- Re: Apache 2.2.17 exploit? adam (Oct 03)
- Re: Apache 2.2.17 exploit? PsychoBilly (Oct 03)
- Re: Apache 2.2.17 exploit? Darren Martyn (Oct 03)
- Re: Apache 2.2.17 exploit? adam (Oct 03)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? Darren Martyn (Oct 04)
- Re: Apache 2.2.17 exploit? halfdog (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? Kai (Oct 04)
- Re: Apache 2.2.17 exploit? Andrew Farmer (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? Valdis . Kletnieks (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? xD 0x41 (Oct 04)
- Re: Apache 2.2.17 exploit? halfdog (Oct 04)
- Re: Apache 2.2.17 exploit? halfdog (Oct 04)
- Re: Apache 2.2.17 exploit? Andrew Farmer (Oct 04)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? GloW - XD (Oct 03)
- Re: Apache 2.2.17 exploit? Laurelai (Oct 03)