[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload
From: Nahuel Grisolia <nahuel@xxxxxxxxxxxxxx>
Date: Fri, 25 Jun 2010 09:02:57 -0300

On 06/24/2010 04:53 PM, Moritz Hoffmann wrote:
> On 06/23/2010 04:40 PM, Cybsec - Security Systems wrote:
> 
>> Direct execution of arbitrary PHP code in the Web Server.
> 
> 
> I assume this is a Java-based application, why do you state that as a
> result PHP code can be executed? I don't get it...
> 

Moritz, I think this is just a mistake. do a s/PHP/JSP/g ;) Or Apache
PHP Module is just On.

If I'm wrong, please, let the list know.

regards,
-- 
Nahuel Grisolia - C|EH
Information Security Consultant
Bonsai Information Security Project Leader
http://www.bonsai-sec.com/
(+54-11) 4777-3107

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload
  - From: Cybsec - Security Systems
- Re: [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload
  - From: Moritz Hoffmann

Prev by Date: Re: [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload
Next by Date: [Full-disclosure] ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
Previous by thread: Re: [Full-disclosure] CYBSEC Advisory#2010-0605 InterScan Web Security 5.0 Arbitrary File Upload
Next by thread: [Full-disclosure] CYBSEC Advisory#2010-0606 InterScan Web Security 5.0 Arbitrary File Download
Index(es):
- Date
- Thread