Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP

2002-02-18 Thread Ralf Dreibrodt
Hi, Javier Fernández-Sanguino Peña wrote: > > On Wed, Feb 06, 2002 at 05:31:23PM +0100, Christian Hammers wrote: > > On Wed, Feb 06, 2002 at 05:26:27PM +0100, Ralf Dreibrodt wrote: > > > just run apache chrooted and you don't have problems like this. > > Doesn't work well if you have multiple vir

Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP

2002-02-18 Thread Javier Fernández-Sanguino Peña
On Wed, Feb 06, 2002 at 05:31:23PM +0100, Christian Hammers wrote: > On Wed, Feb 06, 2002 at 05:26:27PM +0100, Ralf Dreibrodt wrote: > > > Maybe debian developers should make a "quick and dirty" fix for this, > > > because (as I can understand) php developers already know about this > > > hole and

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! On Thu, 7 Feb 2002, Halil Demirezen wrote: > I come across such a thing before, > > In one of the directory a file has got permissions for only www-data > but no other users can get access to that file. but writing a single php > script you can see what that file has and you can easily s

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! Sorry. My mistake. BTW, this is serious bug exactly in *php*, because *php* allows mysql library to access files that should be hidden for user. Very strange that most users think that this is mysql bug. This is *php* bug cause *php* introduces safe mode, so *php* must watch that this feat

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Noel Koethe
On Thu, 07 Feb 2002, Dmitry N. Hramtsov wrote: > As I can see this bug already fixed (Status: Closed) in PHP: > http://bugs.php.net/bug.php?id=15375, > so we should just wait for updated package from maintainer. Maybe it's a good idea to read the bug and why it is closed: --8<-- [5 Feb 9:53am] [E

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! On Thu, 7 Feb 2002, Jaan Sarv wrote: > >"LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " > >. "TERMINATED BY '__THIS_NEVER_HAPPENS__' " > >. "ESCAPED BY '' " > >. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", > > If I understand correctly, you

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Dmitry N. Hramtsov
Hello! As I can see this bug already fixed (Status: Closed) in PHP: http://bugs.php.net/bug.php?id=15375, so we should just wait for updated package from maintainer. Best regards, Dmitry N. Hramtsov

Re: SECURITY HOLE in MySQL module in PHP

2002-02-07 Thread Jaan Sarv
>"LOAD DATA $local INFILE '$filename' INTO TABLE $tbl FIELDS " >. "TERMINATED BY '__THIS_NEVER_HAPPENS__' " >. "ESCAPED BY '' " >. "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'", If I understand correctly, you need FILE privileges on the MySQL server for this exploit

Re: SECURITY HOLE in MySQL module in PHP

2002-02-06 Thread Ralf Dreibrodt
Hi, brendan hack wrote: > > I received an error saying 'test_database' not found. of course you should change $db to your db-name. > I then > removed all access privileges from the anonymous user to the test > database and received the following: > > FAILED: USE test > REASON: Access denied for

Re: SECURITY HOLE in MySQL module in PHP

2002-02-06 Thread brendan hack
I just tested this out on a php/mysql system which we just set up at work. It still had the 'test' database and the anonymous user access for 'test' that comes with the default mysql setup. The first time I tried it I received an error saying 'test_database' not found. I changed $db from 'test

Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP

2002-02-06 Thread Christian Hammers
On Wed, Feb 06, 2002 at 05:26:27PM +0100, Ralf Dreibrodt wrote: > > Maybe debian developers should make a "quick and dirty" fix for this, > > because (as I can understand) php developers already know about this > > hole and do still nothing. > just run apache chrooted and you don't have problems l

Re: SECURITY HOLE in MySQL module in PHP

2002-02-06 Thread Ralf Dreibrodt
Hi, "Dmitry N. Hramtsov" wrote: > > Any comments or counsel? > > Maybe debian developers should make a "quick and dirty" fix for this, > because (as I can understand) php developers already know about this > hole and do still nothing. just run apache chrooted and you don't have problems like

SECURITY HOLE in MySQL module in PHP

2002-02-06 Thread Dmitry N. Hramtsov
Hello! You can read it in details at: http://bugs.php.net/bug.php?id=15375 or at: http://www.security.nnov.ru/search/document.asp?docid=2444 Short exploit: Any comments or counsel? Maybe debian developers should make a "quick and dirty" fix for this, because (as I can understand) php develo
