Full Disclosure mailing list archives
Re: php-exec-dir vulnerable after latest upgrade
From: "C. McCohy" <mccohy () kyberdigi cz>
Date: Thu, 8 Jul 2004 09:47:57 +0200 (CEST)
So, finally I have identified the problem, which was in fact, that the construction used for calling a command via the backtick operator did not use the php_escape_shell_cmd() internal function, which escapes some 'ugly/unwanted' characters, like '&', ';', '|' and others. This function is already used if the command is called via exec(), system() or popen() functions, so these were not vulnerable. New patches for all versions are available on the project homepage http://kyebrdigi.cz/projects/execdir -- Baj ... C. McCohy While you are reading this text, an essential hacking tool is being silently installed on your computer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- php-exec-dir vulnerable after latest upgrade VeNoMouS (Jul 07)
- Re: php-exec-dir vulnerable after latest upgrade C. McCohy (Jul 08)
- <Possible follow-ups>
- RE: php-exec-dir vulnerable after latest upgrade VeNoMouS (Jul 07)