http://www.wisec.it/news.php?page=1&lang=it
On 2009-07-25 12:58:21, redbin <[email protected]> wrote:
>
>List:       bugtraq
>Subject:    Php Vulnerability N. 2
>From:       Stefano Di Paola <stefano.dipaola () wisec ! it>
>Date:       2004-09-15 17:07:37
>Message-ID: 1095268057.2818.20.camel () localhost
>
>Let's go for the second one:
>
>=========================================
>Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data File Upload
>
>Affected: Php <= 5.0.1
>Not Affected: it seems none
>Vulnerability Type: Possible write of a downloaded file in an arbitrary location.
>Vendor Status: Vendor has released a fix on cvs.php.net
>
>==Summary:
>
>Bad array parsing in rfc1867.c could lead to overwrite $_FILES array elements.
>
>==Description:
>
>I don't know if releasing a POC for this vuln is a good thing because
>php is used widely in the net...
>so if you are interested feel free to contact me.
>
>
>==Solution:
>Authors were contacted and they have released the patch
>that can be found on the CVS
>cvs.php.net
>
>=================================================
>
>Regards,
>
>Stefano
>
>-..----=oOOo=----=oOOo=---------
>Stefano Di Paola
>Software Engineer
>
>stefano.dipaola_at_wisec_dot_it
>stefano.dipaola1_at_tin_dot_it
>-------------------------------

