Bugtraq mailing list archives

Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.


From: "Shaun Clowes" <shaun () securereality com au>
Date: Mon, 2 Jul 2001 20:16:24 +1000

From: <sl4sh () ifrance com>
Date: Sun, 1 Jul 2001 23:43:17 GMT
Message-id: <200107012343.115e () lh00 opsion fr>

Note: sorry for my pity English.

Just to be clear, this vulnerability is the one we reported in pre-advisory
form in April (http://www.securereality.com.au/srpre00001.html) and
presented in detail at the Black Hat Briefings in Asia. All users that
applied our patch are not vulnerable to this problem. We'll be releasing a
detailed advisory describing this hole and a paper on exploiting PHP scripts
very soon.

Thanks,
Shaun
SecureReality Pty Ltd

