This isn't a hacking board, if you want to break the law, learn how to do it somewhere else.
Adam Voigt [EMAIL PROTECTED] On Tue, 2002-07-23 at 10:49, Anil Garg wrote: > Hi, > > I am not an expert in php but i would like to know how is the vulnerability > exploited. > > hope to get the right directions > regards > anil > > > PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > > > > > > Issued on: July 22, 2002 > > Software: PHP versions 4.2.0 and 4.2.1 > > Platforms: All > > > > > > The PHP Group has learned of a serious security vulnerability in PHP > > versions 4.2.0 and 4.2.1. An intruder may be able to execute arbitrary > > code with the privileges of the web server. This vulnerability may be > > exploited to compromise the web server and, under certain conditions, > > to gain privileged access. > > > > > > Description > > > > PHP contains code for intelligently parsing the headers of HTTP POST > > requests. The code is used to differentiate between variables and files > > sent by the user agent in a "multipart/form-data" request. This parser > > has insufficient input checking, leading to the vulnerability. > > > > The vulnerability is exploitable by anyone who can send HTTP POST > > requests to an affected web server. Both local and remote users, even > > from behind firewalls, may be able to gain privileged access. > > > > > > Impact > > > > Both local and remote users may exploit this vulnerability to > compromise > > the web server and, under certain conditions, to gain privileged > access. > > So far only the IA32 platform has been verified to be safe from the > > execution of arbitrary code. The vulnerability can still be used on > IA32 > > to crash PHP and, in most cases, the web server. > > > > > > Solution > > > > The PHP Group has released a new PHP version, 4.2.2, which incorporates > > a fix for the vulnerability. All users of affected PHP versions are > > encouraged to upgrade to this latest version. The downloads web site at > > > > http://www.php.net/downloads.php > > > > has the new 4.2.2 source tarballs, Windows binaries and source patches > > from 4.2.0 and 4.2.1 available for download. > > > > > > Workaround > > > > If the PHP applications on an affected web server do not rely on HTTP > > POST input from user agents, it is often possible to deny POST requests > > on the web server. > > > > In the Apache web server, for example, this is possible with the > > following code included in the main configuration file or a top-level > > .htaccess file: > > > > <Limit POST> > > Order deny,allow > > Deny from all > > </Limit> > > > > Note that an existing configuration and/or .htaccess file may have > > parameters contradicting the example given above. > > > > > > Credits > > > > The PHP Group would like to thank Stefan Esser of e-matters GmbH for > > discovering this vulnerability. > > > > > > Copyright (c) 2002 The PHP Group. > > > > > > > > -- > > PHP Announcements Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
