Full Disclosure mailing list archives
Re: Apache suEXEC privilege elevation / information disclosure
From: andfarm <andfarm () gmail com>
Date: Wed, 7 Aug 2013 12:24:11 -0700
On 2013-08-07, at 09:08, king cope <isowarez.isowarez.isowarez () googlemail com> wrote:
> SymLinksIfOwnerMatch will not help in this attack scenario because the .htaccess file overwrites this Options directive
AllowOverride can be used to prevent this as well by specifying a set of values for Options which does not include FollowSymlinks, e.g.

    AllowOverride AuthConfig FileInfo Indexes Limit Options=ExecCGI,Includes,Indexes,MultiViews,SymlinksIfOwnerMatch
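Added example, not part of the original message or of Apache itself: a small Python audit that reads an Apache configuration and reports every AllowOverride directive that still lets a .htaccess file turn on Options FollowSymLinks (AllowOverride All, a bare Options, or an Options= list containing FollowSymLinks or All). The sample configuration and its directory paths are constructed for illustration, and the script assumes one directive per line with no backslash continuations.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
<Directory /home/*/public_html>
    Options SymLinksIfOwnerMatch
    AllowOverride All
</Directory>
<Directory /srv/shared>
    AllowOverride AuthConfig Options
</Directory>
<Directory /srv/hardened>
    AllowOverride AuthConfig FileInfo Indexes Limit Options=ExecCGI,Includes,Indexes,MultiViews,SymlinksIfOwnerMatch
</Directory>
<Directory /srv/static>
    AllowOverride None
</Directory>
"""

def htaccess_can_enable_followsymlinks(args):
    """Return True if these AllowOverride arguments let .htaccess set Options FollowSymLinks."""
    for arg in args:
        name, _, values = arg.partition("=")
        name = name.lower()
        if name == "all":            # every directive type may be overridden
            return True
        if name == "options":
            if not values:           # bare "Options": every option may be overridden
                return True
            allowed = {v.strip().lower() for v in values.split(",")}
            if allowed & {"followsymlinks", "all"}:
                return True
    return False

def audit(conf_text):
    """Return (line_number, directive) for each AllowOverride that permits FollowSymLinks."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#"):     # skip comment lines
            continue
        m = re.match(r"AllowOverride\s+(.+)", line, re.IGNORECASE)
        if m and htaccess_can_enable_followsymlinks(m.group(1).split()):
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, directive in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive}")
```

The directive quoted in the message above passes this check, while the first two constructed Directory blocks are reported.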