Re: phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run

From: Shaun Clowes (shaunat_private)
Date: Mon Jul 02 2001 - 03:16:24 PDT

    > arbitrary PHP Codes as apache user.
    > From: <sl4shat_private>
    > MIME-Version: 1.0
    > Content-Type: text/plain; charset="iso-8859-1"
    > Content-Transfer-Encoding: quoted-printable
    > Date: Sun, 1 Jul 2001 23:43:17 GMT
    > Message-id: <200107012343.115eat_private>
    >
    > Note: sorry for my pity English.
    
    Just to be clear, this vulnerability is the one we reported in pre-advisory
    form in April (http://www.securereality.com.au/srpre00001.html) and
    presented in detail at the Black Hat Briefings in Asia. All users that
    applied our patch are not vulnerable to this problem. We'll be releasing a
    detailed advisory describing this hole and a paper on exploiting PHP scripts
    very soon.
    
    Thanks,
    Shaun
    SecureReality Pty Ltd
    



    This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 13:04:01 PDT