Re: flaw in php_exec_dir patch

["VeNoMouS" <venom () gen-x co nz>]

Dude do you even know what php_exec_dir patch is, its a patch so you dont 
have to turn safe mode on, which disables a bunch of shit that you need, so 
the patch was a work around simply stop you executing programs.

heres a hint, learn about the product b4 you spam a mailing list, i see 5 
posts from you asking the exact same question 2 hrs apart from each other 
you think you could've googled in that time or perhaps fixed your mail 
queue?

either or, stop being so fucking lazy.


----- Original Message ----- 
From: "npguy" <npguy () websurfer com np>
To: "VeNoMouS" <venom () gen-x co nz>; <full-disclosure () lists netsys com>
Sent: Friday, June 25, 2004 2:47 AM
Subject: Re: [Full-disclosure] flaw in php_exec_dir patch


> is your safe mode on? .. whats ur platorm.
> give more details!
>
> On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote:
> > Found a issue last night while testing php_exec_dir patch
> >
> > if you do the following
> >
> > $blah=`ps aux`;
> > echo nl2br($blah);
> >
> > php_exec_dir will block the call if you have set the exec_dir parm in php
> > or apache
> >
> > anyway.... if you do this
> >
> > $blah=`;ps aux`;
> > echo nl2br($blah);
> >
> > it bypasses the exec block and excutes the ps due to the ';', as bash
> > interrupts ';' as a new cmd, ive emailed the author but no response.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html