Re: Critical phpwiki c99shell exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Critical phpwiki c99shell exploit
From: Taneli Leppä <taneli@xxxxxxxxxx>
Date: Mon, 16 Apr 2007 13:29:01 +0300
In-reply-to: <Pine.LNX.4.21.0704121149070.5951-100000@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Crasman Co Ltd
References: <Pine.LNX.4.21.0704121149070.5951-100000@xxxxxxxxxxxx>
User-agent: Thunderbird 2.0b1 (Windows/20061206)

Hello,

Gadi Evron wrote:

This is a good best practice, but it doesn't hold water long
range. Further, where do you disallow these extensions? In the
application?
Mostly what the bad guys would do is upload, say.. .jpg, and then rename
it.


This is what I do in Apache to directories used to store user
uploaded files:

<Directory "/var/www/html/application/uploaded">
  php_admin_flag engine off
</Directory>

--
  Taneli Leppä         | Crasman Co Ltd
  <taneli@xxxxxxxxxx>  | <http://www.crasman.fi/>

References:
- Re: Critical phpwiki c99shell exploit
  - From: Gadi Evron

Prev by Date: Windows DNS Cache Poisoning by Forwarder DNS Spoofing
Next by Date: [ GLSA 200704-10 ] Inkscape: Two format string vulnerabilities
Previous by thread: RE: Critical phpwiki c99shell exploit
Next by thread: Re: Critical phpwiki c99shell exploit
Index(es):
- Date
- Thread