** Visibility changed to: Public
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
--
Ubuntu-server-bugs mailing
** Visibility changed to: Private
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Server Team, which is a direct subscriber.
--
Ubuntu-server-bugs mailing list
I reproduced the same effect using webroot /var/www
file test.php:
?php
if($_GET[pageID])
$pageID=$_GET[pageID];
include('page.'.$pageID.'.inc');
?
http://myserver/test.php?pageID=/../../../etc/resolv.conf%00
filesystem is ext3 on a local harddrive
--
PHP 5.2.4-2ubuntu5.9 Possible
/usr/local/Zend/etc/php.ini attached
** Attachment added: php.ini
http://launchpadlibrarian.net/36393620/php.ini
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Using Zend Optimizer 3.3.3 as stated before
$ php --version
PHP 5.2.4-2ubuntu5.9 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 26 2009
13:59:08)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Here is the phpinfo() output
I'll try using the
Ok, now I can't reproduce, with default php.ini.
So the problem seems to be with the php.ini that came with Zend Optimizer
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of
** Visibility changed to: Public
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Visibility changed to: Private
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
I reproduced the same effect using webroot /var/www
file test.php:
?php
if($_GET[pageID])
$pageID=$_GET[pageID];
include('page.'.$pageID.'.inc');
?
http://myserver/test.php?pageID=/../../../etc/resolv.conf%00
filesystem is ext3 on a local harddrive
--
PHP 5.2.4-2ubuntu5.9 Possible
/usr/local/Zend/etc/php.ini attached
** Attachment added: php.ini
http://launchpadlibrarian.net/36393620/php.ini
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Using Zend Optimizer 3.3.3 as stated before
$ php --version
PHP 5.2.4-2ubuntu5.9 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 26 2009
13:59:08)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Here is the phpinfo() output
I'll try using the
Ok, now I can't reproduce, with default php.ini.
So the problem seems to be with the php.ini that came with Zend Optimizer
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of
zend optimizer version has
magic_quotes_gpc = Off
that's the only difference, beside some Zend configuration
So when I turn magic quotas On, that problem disapeares.
Seems that it's not a bug, but just a configuration mistake.
Sorry for wasting your time and
thankyou for everything.
**
13 matches
Mail list logo
