> arbitrary PHP Codes as apache user.
> From: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> Date: Sun, 1 Jul 2001 23:43:17 GMT
> Message-id: <[EMAIL PROTECTED]>
>
> Note : sorry for my pity english.
Just to be clear this vulnerability is the one we reported in pre advisory
form in April (http://www.securereality.com.au/srpre00001.html) and
presented in detail at the Black Hat Briefings in Asia. All users that
applied our patch are not vulnerable to this problem. We'll be releasing a
detailed advisory describing this hole and a paper on exploiting PHP scripts
very soon.
Thanks,
Shaun
SecureReality Pty Ltd
