I've tested the exploit on redhat 7.2 default install and redhat 7.0 +apache 1.3.20+PHP 4.0.6 Can give you a uid "nobody" shell. lion >I've posted this before but it was not processed. > >--- > >I stumbled on some exploit code from TESO that is available at >packetstorm (http://packetstormsecurity.nl/filedesc/7350fun.html). The >code exists as a binary that is supposed to exploit >mod_php 4.0.x and crash at least 4.1.2 > >I am curious what hole is being exploited. I can't remember a buffer >overflow vulnerability being reported for mod_php 4.1.2 >Anyone with ideas ? > >TIA >Bone Machine
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 20:37:24 PDT