php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13406 PHP exploit
Submitted: 2001-09-23 14:27 UTC Modified: 2001-09-23 14:35 UTC
From: arpadffy at altavista dot net Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: arpadffy at altavista dot net
New email:
PHP Version: OS:

 

 [2001-09-23 14:27 UTC] arpadffy at altavista dot net
I'm running Redhat 7.1
Linux xxxxxxxxxxxx 2.4.3-12 #1 Fri Jun 8 15:05:56 EDT 2001 i686 unknown
with apache apache-1.3.19-5 

funcion system() gives apache rights to every user even in /~username requests... 

it is easy to exploit the whole site with simple script
http://www.gimpster.com/php/phpshell/index.php

what should I do againt.??

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-09-23 14:35 UTC] jeroen@php.net
Ask support questions on http://www.php.net/support.php

Hint: safe-mode, safemode.disable-function (or something like that)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC