-
January 29th, 2002, 07:37 AM
#1
Script execution vulnerability in PHP 4.0..
SCRIPT EXECUTION VULNERABILITY IN PHP 4.0 FOR APACHE
Paul Brereton discovered a vulnerability in PHP 4.0 for Windows using Apache Web Server 2.0. By exploiting PHP's ability to view files residing outside the usual HTML root directory, an attacker can execute arbitrary code by inserting a malicious PHP-based command into the Apache log file. PHP has been notified, but no fix is currently available.
Source: www.secadministrator.com.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|