heres a hint, learn about the product b4 you spam a mailing list, i see 5 posts from you asking the exact same question 2 hrs apart from each other you think you could've googled in that time or perhaps fixed your mail queue?
either or, stop being so fucking lazy.
----- Original Message ----- From: "npguy" <[EMAIL PROTECTED]>
To: "VeNoMouS" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, June 25, 2004 2:47 AM
Subject: Re: [Full-Disclosure] flaw in php_exec_dir patch
is your safe mode on? .. whats ur platorm. give more details!
On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote:Found a issue last night while testing php_exec_dir patch
if you do the following
$blah=`ps aux`; echo nl2br($blah);
php_exec_dir will block the call if you have set the exec_dir parm in php or apache
anyway.... if you do this
$blah=`;ps aux`; echo nl2br($blah);
it bypasses the exec block and excutes the ps due to the ';', as bash interrupts ';' as a new cmd, ive emailed the author but no response.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
