Presumably the PHP interpreter is in the same memory space. So you could also steal session cookies, database credentials, possibly form data, maybe even credit card data as it passed through.
On Tue, Apr 08, 2014 at 12:51:36PM PDT, David Lang spake thusly: > On Tue, 8 Apr 2014, David Blank-Edelman wrote: > > >On Apr 8, 2014, at 9:48 AM, Paul Graydon <p...@paulgraydon.co.uk> wrote: > > > >>There is ample proof this morning that it can be used to acquire yahoo > >>credentials with ease as Yahoo remains unpatched. > > > >So I’ve seen the screen shot too that went around, but I have to admit, > >I’m curious about the mechanics behind that. Would anyone care to > >speculate just how you use this bug to grab credentials in that way from > >them? I can hazard a partial guess, but I’d like to hear if others have > >any more technical detailed thoughts on how this was done. > > Basically, this bug allows you to dump the entire address space of the > server and then go digging through it. > > So anything the server knows at that instant (including end-user passwords > and other form data) can be dug out by the attacker if they are determined > enough. > > How hard or easy this is depends on a lot of things, but certs are stored in > fairly standard places, so you should create new certs (and new passphrases > to go along with them) if you think you may be a target of _anyone_ > > David Lang > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ -- Tracy Reed
pgpZg4QMQ71aq.pgp
Description: PGP signature
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
