Full Disclosure mailing list archives
Re: flaw in php_exec_dir patch
From: "VeNoMouS" <venom () gen-x co nz>
Date: Sat, 26 Jun 2004 13:34:44 +1200
Dude do you even know what php_exec_dir patch is, its a patch so you dont have to turn safe mode on, which disables a bunch of shit that you need, so the patch was a work around simply stop you executing programs.
heres a hint, learn about the product b4 you spam a mailing list, i see 5 posts from you asking the exact same question 2 hrs apart from each other you think you could've googled in that time or perhaps fixed your mail queue?
either or, stop being so fucking lazy.----- Original Message ----- From: "npguy" <npguy () websurfer com np>
To: "VeNoMouS" <venom () gen-x co nz>; <full-disclosure () lists netsys com> Sent: Friday, June 25, 2004 2:47 AM Subject: Re: [Full-disclosure] flaw in php_exec_dir patch
is your safe mode on? .. whats ur platorm. give more details! On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote:Found a issue last night while testing php_exec_dir patch if you do the following $blah=`ps aux`; echo nl2br($blah); php_exec_dir will block the call if you have set the exec_dir parm in php or apache anyway.... if you do this $blah=`;ps aux`; echo nl2br($blah); it bypasses the exec block and excutes the ps due to the ';', as bash interrupts ';' as a new cmd, ive emailed the author but no response._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- flaw in php_exec_dir patch VeNoMouS (Jun 22)
- Re: flaw in php_exec_dir patch npguy (Jun 24)
- Re: flaw in php_exec_dir patch Tim (Jun 25)
- Re: flaw in php_exec_dir patch VeNoMouS (Jun 26)
- Re: flaw in php_exec_dir patch VeNoMouS (Jun 25)
- Re: flaw in php_exec_dir patch npguy (Jun 26)
- ZH2004-13SA (security advisory): Sql Injection in Help Desp Pro 2.0 D'Amato Luigi (Jun 26)
- Re: flaw in php_exec_dir patch Tim (Jun 25)
- Re: flaw in php_exec_dir patch npguy (Jun 24)