I seem to recall some info from yesterday that the example on escape to shell that's in the PHP book is vulnerable.
How many PHP pages out there are hacked versions of the samples in the PHP book(s)? How many sites out there have "status", "debug" and learning apps that escape to shell, and no one realizes they even have that? Let's not forget all the embedded devices with web sites that escape to shell. This one is going to have a very long tail...

On Fri, Sep 26, 2014 at 9:05 AM, Brandon Allbery <allber...@gmail.com> wrote:
> On Fri, Sep 26, 2014 at 11:59 AM, Doug Hughes <d...@will.to> wrote:
>>
>> If the CGI in question is bash, this by itself is sufficient to get it to
>> execute code that it otherwise should not have.
>
> Or if the CGI is executed by a mechanism which involves /bin/sh, *and*
> /bin/sh is bash. In this case, the language the CGI itself is written in is
> irrelevant.
>
> --
> brandon s allbery kf8nh sine nomine associates
> allber...@gmail.com ballb...@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
>
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
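The mechanism the thread is describing, as an added example that is not part of the original messages: a CGI gateway copies request headers into the handler's environment as HTTP_* variables (the CGI 1.1 mapping), every child process inherits that environment, and a PHP system()/exec() call or a Python subprocess with shell=True goes through `/bin/sh -c`, so if `/bin/sh` is an unpatched bash the handler's own language does not matter, which is Brandon's point. The script below mimics that header-to-environment mapping, flags request headers that start with bash's function-definition prefix `() {` (the shape of the CVE-2014-6271 probes), and runs the well-known environment-based check against the local bash. The header names, values and the SAMPLE_HEADERS request are constructed sample input, not captured traffic.

```python
"""Added example, not from the original thread: CGI header -> environment
mapping, a request-side detector for the "() {" prefix, and the canonical
bash probe for CVE-2014-6271. All sample headers below are constructed."""
import re
import shutil
import subprocess

# Bash before the fix parsed any environment variable whose value begins
# with "() {" as a function definition and executed whatever followed the
# closing brace. This regex flags that prefix on incoming request headers.
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def cgi_env_from_headers(headers):
    """Mimic the CGI 1.1 mapping: each header becomes HTTP_<NAME>,
    upper-cased, with '-' replaced by '_'. A shell child inherits all of it."""
    env = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def shellshock_probe_headers(headers):
    """Names (sorted) of headers whose value starts with the function-definition prefix."""
    return sorted(n for n, v in headers.items() if FUNC_DEF_PREFIX.match(v))


def bash_is_vulnerable(bash_path=None):
    """Run the widely published CVE-2014-6271 check against a bash binary.
    Only the environment carries the payload; bash is merely asked to echo.
    Returns True if the injected command ran, False if not, None if no bash."""
    bash = bash_path or shutil.which("bash")
    if not bash:
        return None
    env = {"PATH": "/usr/bin:/bin",
           "x": "() { :;}; echo SHELLSHOCK_VULNERABLE"}
    out = subprocess.run([bash, "-c", "echo probe"], env=env,
                         capture_output=True, text=True)
    return "SHELLSHOCK_VULNERABLE" in out.stdout


# Constructed sample request: two headers carry the prefix, two are benign.
# The payloads only echo; they are stand-ins for what real probes carried.
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "() { :;}; echo probe-ua",
    "Cookie": "sid=abc123",
    "Referer": "() { :; }; echo probe-ref",
}

if __name__ == "__main__":
    env = cgi_env_from_headers(SAMPLE_HEADERS)
    print("environment a /bin/sh child of this CGI would inherit:")
    for k in sorted(env):
        print(f"  {k}={env[k]}")
    print("headers carrying a function-definition prefix:",
          shellshock_probe_headers(SAMPLE_HEADERS))
    print("local bash vulnerable:", bash_is_vulnerable())
```

The detector is only a triage aid for access logs and WAF rules; the fix is patching bash (or pointing /bin/sh at a non-bash shell) on every host that runs CGI, including the embedded devices the message mentions, since the probe function above returns True on any bash that still honors function definitions from arbitrary variables.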