BugTraq
Possible bug in PHPNuke and other CMS May 30 2004 02:53PM
Luca Falavigna (fala83 libero it) (3 replies)
Re: Possible bug in PHPNuke and other CMS Jun 01 2004 09:14AM
Peter Hagstrøm (ph deadcode dk)
Re: [Full-Disclosure] Possible bug in PHPNuke and other CMS Jun 01 2004 07:09AM
Sam Bashton (sam ipsupport co uk)
Re: Possible bug in PHPNuke and other CMS Jun 01 2004 04:50AM
Alexander GQ Gerasiov (bugtaq gq pp ru) (1 replies)
Re: Possible bug in PHPNuke and other CMS Jun 01 2004 05:13PM
Luca Falavigna (fala83 libero it) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander GQ Gerasiov ha scritto:
|
| I'm sure that such problems must be fixed not with some hacks like
| yours (checking domain name), but with webserver configuration (uid
| and permissions, php abilities (like safe mode or open_base_dir
| option) etc.)
|

File permissions must always permit execution of php pages by web
servers. And symlink is followed and code executed because web servers
must have access to that directory and code. We can operate with php
security options too and obtain the same result but what if we cannot
modify them? We are uncovered!!!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBQLy5UPTtdJayrm9xAQJYsggAjH3AAqT6olYdcnK6Oon91TtPDk96ajSC
JCJbqcdjRgGeOWq7YczYvysr7ff/splZZ6f1wMWbJwcmFntE/gWdRmU2+Y0/4sHv
P4w9Cymmdhhc8E91KqYUfJNYFqWhGfdjaCsZ6p+8tj/+hm/ZPWFuU+2mI+8T4S6i
lEEveVl3DiUfG4oxImOyn/6vAgmUcnMkL/qm+TpSqItPd22Q3rP7gagXbJBn8U34
lKjQHy8KhJeEh8NZ4bQ6BR7My3iHFigOcA3sbN+vDnsptz+TIIhKfF2R1vvEOjcd
2YICuxiio7hHN/VkmJP++OazuWIUr5lDQuJIOwszfI0ozwalRQ9X/Q==
=41ma
-----END PGP SIGNATURE-----

[ reply ]
Re: Possible bug in PHPNuke and other CMS Jun 04 2004 12:25PM
BlueRaven (blue ravenconsulting it)


 

Privacy Statement
Copyright 2010, SecurityFocus