So why not upload a binary file and execute that? Quick root-kit later and
you're in.


-----Original Message-----
From: Dustin E. Childers [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 3:22 AM
To: Jason Murray
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Nasty DoS in PHP


"If the user has enough access to the server to place files on it" ?

There are hosting places that have PHP and you can just upload the PHP
script through FTP and access it in your browser.

Dustin E. Childers
Security Administrator. CEO, Digitux Security, Inc.
http://www.digitux.net/

----- Original Message -----
From: "Jason Murray" <[EMAIL PROTECTED]>
To: "'Dustin E. Childers'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 17, 2002 5:14 PM
Subject: RE: [PHP] Nasty DoS in PHP


> > It's a default PHP installation. We aren't calling set_time_limit().
> > I know it's an infinite loop, the point is that if a user wanted to
> > attack a server (happens every day) they would be able to use this
> > method to take the server down.
>
> But, if the user has enough access to the server to place files on it,
> then they can do much, much worse stuff than running an infinite loop
> in PHP. Like I said, if it gets to that point you have bigger problems.
>
> Jason


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

