I executed those scripts on my ISP's machine. My machine is tight.
Low and behold. Instant password file(s...).
Needless to say many other things can be done.
I fired of an emergency message to my ISP to fix the hole.
I suggested that their web server might be running under a user
with higher permission than it should be. They tend to take a while to respond
to requests.
I just wonder how long they had there server set up that way because as you may
know.
I literally have GOD access to their machine. Well, as everyone knows, GOD is
nice.
:-)
Thank you.
Lou.
----- Original Message -----
From: "Chris Newbill" <[EMAIL PROTECTED]>
To: "Lou Spironello" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 5:20 PM
Subject: RE: [PHP-DEV] security issue
> A good start would be to make sure the user your web server is running as
> cannot read the shadow file. Also that the permissions are set properly.
>
> Chris
>
> -----Original Message-----
> From: Lou Spironello [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 2:17 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DEV] security issue
>
>
> <?php $a=`ls -R` /; echo $a; ?>
> <?php $a=`cat /etc/shadow`; echo $a; ?>
> etc..
> Produces listing of the entire system and dump of the password file.
>
> This is a security hole.
>
> How can I prevent this?
>
> Lou.
>
>
>
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
