#!/usr/bin/env bash in cgi script

2002-02-07 Thread Krzysztof Mazurczyk
Hi all, If I may ask for your comments. I have to set on my webserver pages written by someone. One of the files which must be put in cgi-bin directory is the following script (only these two lines). #!/usr/bin/env bash ./foo bar.html The whole construction looks dangerous for me. I'm thinking about hard

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! On Thu, 7 Feb 2002, Halil Demirezen wrote: > I come across such a thing before, > > In one of the directory a file has got permissions for only www-data > but no other users can get access to that file. but writing a single php > script you can see what that file has and you can easily s

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! Sorry. My mistake. BTW, this is serious bug exactly in *php*, because *php* allow mysql library to access files that should be hidden for user. Very strange that most users think that this is mysql bug. This is *php* bug cause *php* introduce safe mode, so *php* must watch that this feat

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Noel Koethe
On Don, 07 Feb 2002, Dmitry N. Hramtsov wrote: > As I can see this bug already fixed (Status: Closed) in PHP: > http://bugs.php.net/bug.php?id=15375, > so we should just wait for updated package from maintainer. Maybe it's a good idea to read the bug and why it is closed: --8<-- [5 Feb 9:53am] [E

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! On Thu, 7 Feb 2002, Jaan Sarv wrote: > >"LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " > >. "TERMINATED BY '__THIS_NEVER_HAPPENS__' " > >. "ESCAPED BY '' " > >. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", > > If I understand correctly, you

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! As I can see this bug already fixed (Status: Closed) in PHP: http://bugs.php.net/bug.php?id=15375, so we should just wait for updated package from maintainer. Best regards, Dmitry N. Hramtsov

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Jaan Sarv
>"LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " >. "TERMINATED BY '__THIS_NEVER_HAPPENS__' " >. "ESCAPED BY '' " >. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", If I understand correctly, you need FILE privileges on the MySQL server for this exploit

Re: How to modify SSH2 prompt message?

2002-02-07 Thread Mark Janssen
On Thu, Feb 07, 2002 at 09:46:41AM +0800, wrote: > Hello, > > Running Woody (2.4.17-1) and ssh (3.0.2p1-6). > When I telnet to the box, it prompts me: > SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-6. Protocol mismatch.. Are you telnetting to the SSH port (or running SSH on the telnet po
