Correct me if I'm wrong on this, but from what I've seen (last hour or so looking through google for c99+php+shell+captain+crunch), it looks like the vulnerability comes from including uploaded files somehow? Or at least allowing files to be uploaded and then accessed with a .php extension (or whatever Apache *thinks* should go to php).

This looks like a php script to me. I'm confused on how it all works as a vulnerability. (nothing new)

Ed

On May 1, 2006, at 7:34 AM, Wolf wrote:

I got smacked by it as well.  File-upload area that they uploaded a
.php.rar file and then accessed the sucker (must have reconfigured their
browser for handling?).

At any rate, my file-upload area now is a file-upload and you can't
access it anymore area.  It lists it, but...  you can't play with it.

Might I remind everyone...  BACKUP YOUR IMPORTANT STUFF NIGHTLY

For anyone who wants a copy of c99 (or 2 other variants), let me know
and I will email them to you.  I have spent hours working with some of
the more obscure and stronger security settings but was still able to
use them, which is my file-upload area is now rigged the way that it is.

Wolf

scot wrote:
Hi there,
Not sure if this is proper place to post but here it goes. We got nailed by someone using c99shell today. They were able to upload and overwrite a bunch

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to