Re: php mail function bypass safe_mode restriction

From: Jon Ribbens (jon+bugtraqat_private)
Date: Thu Jul 19 2001 - 12:05:45 PDT

Next message: Mike Lewinski: "Re: Two birds with one worm."

Previous message: Joe Harris: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
In reply to: Laurent Sintes: "Re: php mail function bypass safe_mode restriction"
Next in thread: Stuart Moore: "Re: php mail function bypass safe_mode restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Laurent Sintes <sintesat_private> wrote:
> extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));
> 
> But it is not a suffisant check because php_escape_shell_arg
> does not escape all charaters.

False. escape_shell_arg will successfully escape all characters from
shells.

Next message: Mike Lewinski: "Re: Two birds with one worm."
Previous message: Joe Harris: "Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm."
In reply to: Laurent Sintes: "Re: php mail function bypass safe_mode restriction"
Next in thread: Stuart Moore: "Re: php mail function bypass safe_mode restriction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 12:16:48 PDT