php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13406 PHP exploit
Submitted: 2001-09-23 14:27 UTC Modified: 2001-09-23 14:35 UTC
From: arpadffy at altavista dot net Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
 [2001-09-23 14:27 UTC] arpadffy at altavista dot net
I'm running Redhat 7.1
Linux xxxxxxxxxxxx 2.4.3-12 #1 Fri Jun 8 15:05:56 EDT 2001 i686 unknown
with apache apache-1.3.19-5 

funcion system() gives apache rights to every user even in /~username requests... 

it is easy to exploit the whole site with simple script
http://www.gimpster.com/php/phpshell/index.php

what should I do againt.??

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-09-23 14:35 UTC] jeroen@php.net
Ask support questions on http://www.php.net/support.php

Hint: safe-mode, safemode.disable-function (or something like that)
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun May 22 20:05:44 2022 UTC