Re: Vulnerability in PHP ?!?

From: lion (lionat_private)
Date: Mon May 13 2002 - 18:02:37 PDT

Next message: frog frog: "About PHPImageview"

Previous message: Mihai (Cop) Moldovanu: "Re: Vulnerability in PHP ?!?"
Maybe in reply to: BoneMachine: "Vulnerability in PHP ?!?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've tested the exploit on redhat 7.2 default install and redhat 7.0 +apache 1.3.20+PHP 4.0.6
Can give you a uid "nobody" shell.

lion

>I've posted this before but it was not processed.
>
>--- 
>
>I stumbled on some exploit code from TESO that is available at
>packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The
>code exists as a binary that is supposed to exploit
>mod_php 4.0.x and crash at least 4.1.2
>
>I am curious what hole is being exploited. I can't remember a buffer
>overflow vulnerability being reported for mod_php 4.1.2
>Anyone with ideas ?
>
>TIA
>Bone Machine

Next message: frog frog: "About PHPImageview"
Previous message: Mihai (Cop) Moldovanu: "Re: Vulnerability in PHP ?!?"
Maybe in reply to: BoneMachine: "Vulnerability in PHP ?!?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 13 2002 - 20:37:24 PDT