Got to love code like this: http://www.exploit-db.com/exploits/18861/
— Patrick On Mon, May 21, 2012 at 1:21 PM, Thomas Gries <[email protected]> wrote: > ** Keine Antwort erforderlich ** no reply needed ** > > FYI: > I just received the following information > > http://www.heise.de/newsticker/meldung/Ungepatche-Luecke-in-aktueller-PHP-Version-1580790.html > (German) > https://isc.sans.edu/diary.html?storyid=13255 > > "Clarifications/Updates to the original diary: > > - This is NOT remote exploitable. An exploit would require the attacker > to upload PHP code to the server, at which point, the attacker could > just use PHP to run shell commands via "exec". > > - only the windows version is vulnerable" > > "There is a remote exploit in the wild for PHP 5.4.3 in Windows, which > takes advantage of a vulnerability in the com_print_typeinfo > <http://php.net/manual/en/function.com-print-typeinfo.php> function. The > php engine needs to execute the malicious code, which can include any > shellcode like the the ones that bind a shell to a port." > > ** Keine Antwort erforderlich ** no reply needed ** > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
