国外有朋友测试貌似成功了。不过还没给我可以用的POC ------------------ 原始邮件 ------------------ 发件人:"flyh4t"<[email protected]>; 发送时间: 2009年7月26日(星期天) 凌晨1:59 收件人:"ph4nt0m"<[email protected]>; 主题: [Ph4nt0m] Re: 晕,真的假的?PHP未明远程任意文件上传漏洞
http://www.wisec.it/news.php?page=1&lang=it 在2009-07-25 12:58:21,redbin <[email protected]> 写道: > >[prev in list] [next in list] [prev in thread] [next in thread] > >List: bugtraq >Subject: Php Vulnerability N. 2 >From: Stefano Di Paola <stefano.dipaola () wisec ! it> >Date: 2004-09-15 17:07:37 >Message-ID: 1095268057.2818.20.camel () localhost >[Download message RAW] > >Let's go for the second one: > >========================================= >Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data >File >Upload > >Affected: Php <= 5.0.1 >Not Affected: it seems none >Vulnerability Type: Possible write of a downloaded file in an >arbitrary > location. >Vendor Status: Vendor has released a fix on cvs.php.net > >==Summary: > >Bad array parsing in rfc1867.c could lead to overwrite $_FILES array >elements. > >==Description: > >I don't know if releasing a POC for this vuln is a good thing because >php is used widely in the net... >so if you are interested feel free to contact me. > > >==Solution: >Authors where contacted and they have released the patch >that can be found on the CVS >cvs.php.net > >================================================= > >Regards, > >Stefano > >-..----=oOOo=----=oOOo=--------- >Stefano Di Paola >Software Engineer > >stefano.dipaola_at_wisec_dot_it >stefano.dipaola1_at_tin_dot_it >------------------------------- > >[prev in list] [next in list] [prev in thread] [next in thread] > > > > >Configure | About | News | Donate | Add a list | Sponsors: 10East, >KoreLogic, Terra-International, Chakpak.com > >> 网易YEAH.NET免费邮箱:您的终身免费邮箱 </span --~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [email protected] -~----------~----~----~----~------~----~------~--~---
