----- On Feb 6, 2017, at 8:22 PM, Bernd Lentes bernd.lentes@xxxxxxxxxxxxxxxxxxxxx wrote:

>> OK. I think I understand most of it.
>> First the attacker sets some values appropriate for him. Then he tries to create
>> a file webconfig.txt.php and to write
>> <?php eval($_POST[1]);?> in it.
>> Fortunately wwwrun can't write in /sr/www ..., following
>> http://httpd.apache.org/docs/2.2/misc/security_tips.html years ago.
>> If he could create the file, then he is able to send arbitrary stuff to it which
>> is executed by eval.
>>
>> Some things are still unclear for me:
>>
>> What is the purpose of the two echos?
>> Why has the request status code 200?
>> What is the purpose of the 1 directly behind the question mark?
>> What is the 1 in the array $_POST? Arrays start with index 0, I think (I'm not
>> a PHP developer).
>>
>
> The @ in front of the function calls silences the errors:
> http://stackoverflow.com/questions/27645422/what-difference-does-usage-of-symbol-with-ini-set-built-in-function-makes-in
>

Besides keeping Apache and the OS fresh, what do you think of mod_security and/or AppArmor as an additional layer of security? I read that mod_security is quite complicated.

Bernd

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Heinrich Bassler, Dr. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx