What flavor of server are you running on (Windows/*nix)?
Does this do a root kit too? It seems that at least the system files
would be protected from tampering if php is running as an
unprivileged user(?maybe??). Although, on *nix at least, I could see
that they would be able to at least re
What I found with my working with trying to lock it down was that I
could not do it entirely at the last point of trying. I could only
succeed in doing most of it by swapping my apache code. I made my
php.ini as secure as possible based off my searches for the system files
it was accessing. Have
Well, here's what happened here now that I have more details. We had a
client with a php calendar installed. The attacker was able to upload
c99.txt somehow and basically rename it to tasks.php within this calendar.
c99 is amazing with what it can do, I'm no security expert but it blows me
away
Correct me if I'm wrong on this, but from what I've seen (last hour
or so looking through google for c99+php+shell+captain+crunch), it
looks like the vulnerability comes from including uploaded files
somehow? Or at least allowing files to be uploaded and then accessed
with a .php extension
I got smacked by it as well. File-upload area that they uploaded a
.php.rar file and then accessed the sucker (must have reconfigured their
browser for handling?).
At any rate, my file-upload area now is a file-upload and you can't
access it anymore area. It lists it, but... you can't play with
On Sun, April 30, 2006 12:31 am, scot wrote:
> Hi there,
> Not sure if this is proper place to post but here it goes. We got nailed by
> someone using c99shell today. They were able to upload and overwrite a bunch
> of index files. I am working on discovering how they were able to get it on
Hey. That is not a good php.ini configuration.
1. display_errors should be disabled in production as it may output path
info to the browser.
2. register_globals should be disabled (default in php5) as it allows
scripts to be polluted with tainted data.
3. I would also disable short_open_tags - n
scot wrote:
Hi there,
Not sure if this is proper place to post but here it goes. We got nailed by
someone using c99shell today. They were able to upload and overwrite a bunch
of index files. I am working on discovering how they were able to get it on
our server. Here's some basic info. I am by n