OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Shaun Clowes (shaunsecurereality.com.au)
Date: Mon Jul 02 2001 - 05:16:24 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > arbitrary PHP Codes as apache user.
    > From: <sl4shifrance.com>
    > MIME-Version: 1.0
    > Content-Type: text/plain; charset="iso-8859-1"
    > Content-Transfer-Encoding: quoted-printable
    > Date: Sun, 1 Jul 2001 23:43:17 GMT
    > Message-id: <200107012343.115elh00.opsion.fr>
    >
    > Note : sorry for my pity english.

    Just to be clear this vulnerability is the one we reported in pre advisory
    form in April (http://www.securereality.com.au/srpre00001.html) and
    presented in detail at the Black Hat Briefings in Asia. All users that
    applied our patch are not vulnerable to this problem. We'll be releasing a
    detailed advisory describing this hole and a paper on exploiting PHP scripts
    very soon.

    Thanks,
    Shaun
    SecureReality Pty Ltd