[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

eAccelerator encoder files backup Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: eAccelerator encoder files backup Vulnerability
From: linuxrootkit2008@xxxxxxxxx
Date: 2 Jul 2009 03:19:03 -0000

eAccelerator encoder files backup Vulnerability

1.Description
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic 
content cache. It increases the performance of PHP scripts by caching them in 
their compiled state, so that the overhead of compiling is almost completely 
eliminated. It also optimizes scripts to speed up their execution. eAccelerator 
typically reduces server load and increases the speed of your PHP code by 1-10 
times.

2. The Vulnerability

eAccelerator has a function which encode php source in encoder.php.
You can backup all system files to specify directory or specify files.Of course 
you can upload image to Web Server and backup it to the web  directory
so you can ...........

3.II. Disclosure Timeline
2009/06/29  Vendor contact.
2009/06/30  Public Disclosure.

4. Thanks
all of Whitehat Community's friend && Great Milw0rm!
2009/06/30 by cnbird

Sorry my bad english!

Prev by Date: Sourcefire 3D Sensor and DC, privilege escalation vulnerability
Next by Date: [oCERT-2009-009] CamlImages integer overflows
Previous by thread: Sourcefire 3D Sensor and DC, privilege escalation vulnerability
Next by thread: [oCERT-2009-009] CamlImages integer overflows
Index(es):
- Date
- Thread