[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] flaw in php_exec_dir patch

To: "VeNoMouS" <venom@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] flaw in php_exec_dir patch
From: npguy <npguy@xxxxxxxxxxxxxxxx>
Date: Thu, 24 Jun 2004 20:32:24 +0545

is your safe mode on? .. whats ur platorm. 
give more details! 

On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote:
> Found a issue last night while testing php_exec_dir patch
>
> if you do the following
>
> $blah=`ps aux`;
> echo nl2br($blah);
>
> php_exec_dir will block the call if you have set the exec_dir parm in php
> or apache
>
> anyway.... if you do this
>
> $blah=`;ps aux`;
> echo nl2br($blah);
>
> it bypasses the exec block and excutes the ps due to the ';', as bash
> interrupts ';' as a new cmd, ive emailed the author but no response.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] flaw in php_exec_dir patch
  - From: Tim
- Re: [Full-Disclosure] flaw in php_exec_dir patch
  - From: VeNoMouS

References:
- [Full-Disclosure] flaw in php_exec_dir patch
  - From: VeNoMouS

Prev by Date: RE: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
Next by Date: Re: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
Previous by thread: [Full-Disclosure] flaw in php_exec_dir patch
Next by thread: Re: [Full-Disclosure] flaw in php_exec_dir patch
Index(es):
- Date
- Thread