Vulnerability Development mailing list archives
Re: Vulnerability in PHP ?!?
From: "lion" <lion () cnhonker net>
Date: Tue, 14 May 2002 9:2:37 +0800
I've tested the exploit on redhat 7.2 default install and redhat 7.0 +apache 1.3.20+PHP 4.0.6 Can give you a uid "nobody" shell. lion
I've posted this before but it was not processed. --- I stumbled on some exploit code from TESO that is available at packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The code exists as a binary that is supposed to exploit mod_php 4.0.x and crash at least 4.1.2 I am curious what hole is being exploited. I can't remember a buffer overflow vulnerability being reported for mod_php 4.1.2 Anyone with ideas ? TIA Bone Machine
Current thread:
- Vulnerability in PHP ?!? BoneMachine (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)
- Re: Vulnerability in PHP ?!? John (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- Re: Vulnerability in PHP ?!? Matthew Kauffman (May 13)
- <Possible follow-ups>
- Re: Vulnerability in PHP ?!? lion (May 13)
- Re: Vulnerability in PHP ?!? Andreas Hasenack (May 13)