[CS-FSLUG] PHP vulnerabilities?
Ed Hurst
ehurst at asisaid.com
Fri Jun 2 06:49:40 CDT 2006
Legatus wrote:
> of folks. The file probably doesn't exist. It is probably embedded in
> a PHP script, and the query string calls a function that then generates
> the file for download. The offending file was probably injected
> using a buffer overflow or other vulnerability in PHP, or by accessing
> another site on the same server that has a flaky file upload script,
> that will allow people to add a full path to the file they are
> uploading, thus putting the file exactly where they want. There are
> probably a hundred other ways to do this.
So this is likely generated by a script? Obviously I know nothing of
PHP, aside from reading about vulnerabilities. I'm guessing a standard
script is replaced by the cracker, which adds this extra capability
undetected, eh?
--
Ed Hurst
----------
Bible Application - http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help - http://ed.asisaid.com/
Mission, Method & Means - http://ed.asisaid.com/blog/
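
The upload weakness mentioned in the quoted text (a script that lets the client decide where the file lands), shown beside a hardened form. This is an added example, not code from the thread or from any site discussed in it; UPLOAD_DIR, the function names, the extension allowlist and the sample names are all assumptions made for illustration.

```php
<?php
// Added illustration. UPLOAD_DIR and all function names are hypothetical.
const UPLOAD_DIR = '/var/www/uploads';

// Weak pattern: the client-supplied name is joined to the target directory
// unchanged, so directory components in the name choose the final location.
function weak_destination(string $clientName): string
{
    return UPLOAD_DIR . '/' . $clientName;
}

// Hardened pattern: the client-supplied name is never used as a path.
// Only its extension is read, checked against an allowlist, and attached
// to a server-generated random name inside UPLOAD_DIR.
function safe_destination(string $clientName): string
{
    $allowed = ['jpg', 'png', 'gif', 'pdf'];
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        throw new InvalidArgumentException('file type not allowed');
    }
    return UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Upload handler using the hardened destination. $file is one entry of
// $_FILES; is_uploaded_file() confirms PHP itself received the temp file.
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $dest = safe_destination($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// Constructed sample names, run from the command line to compare both forms.
foreach (['photo.jpg', '../site/index.php', 'notes.PDF'] as $name) {
    echo "client name: $name\n";
    echo "  weak: " . weak_destination($name) . "\n";
    try {
        echo "  safe: " . safe_destination($name) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "  safe: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Keeping the upload directory outside the web root, or configuring the server not to execute scripts from it, limits the damage if a file does get through.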