[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PHPCentral Poll Script Remote Command Execution Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHPCentral Poll Script Remote Command Execution Vulnerability
From: Eren Türkay <turkay.eren@xxxxxxxxx>
Date: Tue, 21 Aug 2007 00:11:57 +0300

On Monday 20 August 2007 23:10:22 Coopercentral@xxxxxxxxx wrote:
> HI:
>
> I am the creator of this poll script, and would like to do whatever
> possible to make this NOT vulnerable.  Thanks for finding this, and hope I
> can help.

I guess, if "register_globals" option is off (it's off by default since php4), 
this exploit will fail and not work..

Please make sure that you disabled "register_globals" option in your php.ini 
who uses this script and who uses php.

References:
- Re: PHPCentral Poll Script Remote Command Execution Vulnerability
  - From: Coopercentral

Prev by Date: Re: Re: Safari for windows remote arbitry file upload
Next by Date: [USN-500-1] rsync vulnerability
Previous by thread: Re: PHPCentral Poll Script Remote Command Execution Vulnerability
Next by thread: Vulnerability in multiple "now playing" scripts for various IRC clients
Index(es):
- Date
- Thread