On 08/28/2010 05:30 AM, Stephen Harris wrote: > In general it's not just PHP; it could be perl, script.. anything > eg this extremely bad and broken CGI program: That's true, but /proc/environ isn't in a format that's valid for most languages. If a PHP script can be made to include /proc/environ, code can be injected by the caller. For instance, their Agent string could include PHP code which would end up executed. Other languages may not be as prone to that specific issue. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Strange Apache log entry
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Strange Apache log entry
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Sun, 29 Aug 2010 00:45:53 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <20100828123047.GA6733@xxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100806 Fedora/3.1.2-1.fc13 Lightning/1.0b2pre Thunderbird/3.1.2
- Follow-Ups:
- Re: Strange Apache log entry
- From: Stephen Harris
- Re: Strange Apache log entry
- References:
- Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Gilbert Sebenste
- Re: Strange Apache log entry
- From: Gordon Messmer
- Re: Strange Apache log entry
- From: Keith Roberts
- Re: Strange Apache log entry
- From: Emmanuel Noobadmin
- Re: Strange Apache log entry
- From: Stephen Harris
- Strange Apache log entry
- Prev by Date: Re: qemu
- Next by Date: how to install oracle on centos 5.3
- Previous by thread: Re: Strange Apache log entry
- Next by thread: Re: Strange Apache log entry
- Index(es):
 |