If anyone has it, hurry up and share it.

------------------ Original Message ------------------
From: "h4cky3"<[email protected]>
Sent: Monday, July 27, 2009, 1:59 AM
To: "ph4nt0m"<[email protected]>; "ph4nt0m"<[email protected]>
Subject: Re: [Ph4nt0m] Re: Whoa, is this real? PHP unspecified remote arbitrary file upload vulnerability

A friend overseas tested it and it apparently worked. But they haven't given me a usable PoC yet.

------------------ Original Message ------------------
From: "flyh4t"<[email protected]>
Sent: Sunday, July 26, 2009, 1:59 AM
To: "ph4nt0m"<[email protected]>
Subject: [Ph4nt0m] Re: Whoa, is this real? PHP unspecified remote arbitrary file upload vulnerability

http://www.wisec.it/news.php?page=1&lang=it

On 2009-07-25 12:58:21, redbin <[email protected]> wrote:
>
>List: bugtraq
>Subject: Php Vulnerability N. 2
>From: Stefano Di Paola <stefano.dipaola () wisec ! it>
>Date: 2004-09-15 17:07:37
>Message-ID: 1095268057.2818.20.camel () localhost
>
>Let's go for the second one:
>
>=========================================
>Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data File Upload
>
>Affected: Php <= 5.0.1
>Not Affected: it seems none
>Vulnerability Type: Possible write of a downloaded file in an arbitrary location.
>Vendor Status: Vendor has released a fix on cvs.php.net
>
>==Summary:
>
>Bad array parsing in rfc1867.c could lead to overwrite $_FILES array
>elements.
>
>==Description:
>
>I don't know if releasing a POC for this vuln is a good thing because
>php is used widely in the net...
>so if you are interested feel free to contact me.
>
>==Solution:
>Authors were contacted and they have released the patch
>that can be found on the CVS
>cvs.php.net
>
>=================================================
>
>Regards,
>
>Stefano
>
>-..----=oOOo=----=oOOo=---------
>Stefano Di Paola
>Software Engineer
>
>stefano.dipaola_at_wisec_dot_it
>stefano.dipaola1_at_tin_dot_it
>-------------------------------

