Oh, what does this mean?

> Date: Fri, 24 Jul 2009 21:58:21 -0700
> Subject: [Ph4nt0m] Re: Whoa, is this real or fake? PHP unspecified remote arbitrary file upload vulnerability
> From: [email protected]
> To: [email protected]
>
> List: bugtraq
> Subject: Php Vulnerability N. 2
> From: Stefano Di Paola <stefano.dipaola () wisec ! it>
> Date: 2004-09-15 17:07:37
> Message-ID: 1095268057.2818.20.camel () localhost
>
> Let's go for the second one:
>
> =========================================
> Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data File Upload
>
> Affected: Php <= 5.0.1
> Not Affected: it seems none
> Vulnerability Type: Possible write of a downloaded file in an arbitrary location.
> Vendor Status: Vendor has released a fix on cvs.php.net
>
> ==Summary:
>
> Bad array parsing in rfc1867.c could lead to overwrite $_FILES array elements.
>
> ==Description:
>
> I don't know if releasing a POC for this vuln is a good thing because php is used widely in the net...
> so if you are interested feel free to contact me.
>
> ==Solution:
> Authors were contacted and they have released the patch that can be found on the CVS
> cvs.php.net
>
> =================================================
>
> Regards,
>
> Stefano
>
> -..----=oOOo=----=oOOo=---------
> Stefano Di Paola
> Software Engineer
>
> stefano.dipaola_at_wisec_dot_it
> stefano.dipaola1_at_tin_dot_it
> -------------------------------

