[PHP-DEV] Bug #13406 Updated: PHP exploit

jeroen Sun, 23 Sep 2001 11:06:54 -0700

ID: 13406
Updated by: jeroen
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Bogus
Bug Type: *General Issues
Operating System: Linux
PHP Version: 4.0.4pl1
New Comment:

Ask support questions on http://www.php.net/support.php

Hint: safe-mode, safemode.disable-function (or something like that)

Previous Comments:
------------------------------------------------------------------------

[2001-09-23 14:27:10] [EMAIL PROTECTED]

I'm running Redhat 7.1
Linux xxxxxxxxxxxx 2.4.3-12 #1 Fri Jun 8 15:05:56 EDT 2001 i686 unknown
with apache apache-1.3.19-5 

funcion system() gives apache rights to every user even in /~username requests... 

it is easy to exploit the whole site with simple script
http://www.gimpster.com/php/phpshell/index.php

what should I do againt.??


------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=13406&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Bug #13406 Updated: PHP exploit

Reply via email to