[Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
- From: Tõnu Samuel <tonu@xxxxxx>
- Date: Wed, 29 Mar 2006 10:08:32 +0300
---------- Forwarded Message ----------
Subject: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running
web with sensitive data
Date: Wednesday 29 March 2006 10:06
From: Tõnu Samuel <tonu@xxxxxx>
To: Jasper Bryant-Greene <jasper@xxxxxxxxxxx>
On Wednesday 29 March 2006 08:54, you wrote:
> Sure, this is still a fairly serious bug. (As an aside, if you have
> sensitive data, you really shouldn't allow users to upload new scripts,
> or be running in a shared hosting env.)
There is one vector most people do not seem to know. You can telnet to port
80 and say
GET <?php .....
write full script there and include web server log file later. Who knows what
else blackhats can do. Every single hole must be closed.
> I can't speak for other distros, but there's a bug in Gentoo Bugzilla
> for this: http://bugs.gentoo.org/127939
Thank you! I think this problem must be fixed in every PHP version, not only
5.1 series. They knew about it but never told. That's bad.
Tõnu
-------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
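
Added example, not part of the original message: a defender-side check for the vector described in the reply above, where PHP code is sent in a request so that it lands in the web server log and the log is included later. It assumes Apache-style combined log format; the function name and the sample log lines are constructed for illustration.

```python
import re

# Combined Log Format (assumed):
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>.*?)" "(?P<agent>.*)")?\s*$'
)

# PHP open tags: <?php, <?= and the bare short tag <? (but not <?xml).
# Only raw tags are matched: a percent-encoded tag is logged encoded and
# would not be parsed as PHP if the log file were included.
PHP_TAG_RE = re.compile(r'<\?(?:php|=|\s|$)', re.IGNORECASE)


def find_php_tags(lines):
    """Return (line_no, host, field) for each log field holding a PHP open tag."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            # Malformed requests can break the log layout; scan the raw line.
            if PHP_TAG_RE.search(line):
                hits.append((n, None, "unparsed"))
            continue
        # Every client-controlled field ends up in the log, not just the URL.
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if value and PHP_TAG_RE.search(value):
                hits.append((n, m.group("host"), field))
    return hits


# Constructed sample lines (documentation address ranges, placeholder bodies).
SAMPLE = [
    '192.0.2.10 - - [29/Mar/2006:10:01:00 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Mar/2006:10:02:11 +0300] "GET <?php ... ?>" 400 226 "-" "-"',
    '198.51.100.7 - - [29/Mar/2006:10:02:40 +0300] "GET / HTTP/1.0" 200 5120 "-" "<?= ... ?>"',
    '192.0.2.44 - - [29/Mar/2006:10:03:05 +0300] "GET /feed?format=xml HTTP/1.1" 200 900 "-" "curl/7.15"',
]

if __name__ == "__main__":
    for line_no, host, field in find_php_tags(SAMPLE):
        print(f"line {line_no}: PHP open tag in {field} field from {host}")
```

A hit means the log file itself now contains text that PHP would parse if any script included it, so the entry is worth investigating even when the request returned an error status.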