Full Disclosure mailing list archives

Re: Critical PHP bug - act ASAP if you are running web with sensitive data


From: Tõnu Samuel <tonu () jes ee>
Date: Wed, 29 Mar 2006 08:33:36 +0300

Slythers Bro wrote:

<?php
   $host = "127.0.0.1";
   $user = "sqluser";
   $pass = "sqlpass";

   $foobar=html_entity_decode($_GET['foo']);
   echo $foobar;

?>

The situation is worse. I was able to see:

1. Source code itself (may expose bugs in software)
2. Data from other threads. For example, on a busy web server I see pieces of HTML other users are seeing. Think if they are watching their private e-mails or using internet banking.

What is good for an attacker: this exploit does not crash the server. Just "reload" and more data is coming. So try it on a production server and you will see how dangerous it might be. At least until now we have had no crashing problems with it.

   Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

