Correct me if I'm wrong on this, but from what I've seen (last hour
or so looking through google for c99+php+shell+captain+crunch), it
looks like the vulnerability comes from including uploaded files
somehow? Or at least allowing files to be uploaded and then accessed
with a .php extension (or whatever Apache *thinks* should go to php).
This looks like a php script to me. I'm confused on how it all works
as a vulnerability. (nothing new)
Ed
On May 1, 2006, at 7:34 AM, Wolf wrote:
I got smacked by it as well. File-upload area that they uploaded a
.php.rar file and then accessed the sucker (must have reconfigured
their
browser for handling?).
At any rate, my file-upload area now is a file-upload and you can't
access it anymore area. It lists it, but... you can't play with it.
Might I remind everyone... BACKUP YOUR IMPORTANT STUFF NIGHTLY
For anyone who wants a copy of c99 (or 2 other variants), let me know
and I will email them to you. I have spent hours working with some of
the more obscure and stronger security settings but was still able to
use them, which is my file-upload area is now rigged the way that
it is.
Wolf
scot wrote:
Hi there,
Not sure if this is proper place to post but here it goes. We got
nailed by
someone using c99shell today. They were able to upload and
overwrite a bunch
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
