Bugtraq mailing list archives
Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run
From: "Shaun Clowes" <shaun () securereality com au>
Date: Mon, 2 Jul 2001 20:16:24 +1000
arbitrary PHP Codes as apache user. From: <sl4sh () ifrance com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Sun, 1 Jul 2001 23:43:17 GMT Message-id: <200107012343.115e () lh00 opsion fr> Note : sorry for my pity english.
Just to be clear this vulnerability is the one we reported in pre advisory form in April (http://www.securereality.com.au/srpre00001.html) and presented in detail at the Black Hat Briefings in Asia. All users that applied our patch are not vulnerable to this problem. We'll be releasing a detailed advisory describing this hole and a paper on exploiting PHP scripts very soon. Thanks, Shaun SecureReality Pty Ltd
Current thread:
- phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run alias (Jul 02)
- Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run Wolfgang Heinemann (Jul 02)
- Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run Shaun Clowes (Jul 02)