Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Followup to PHP bug

Followup to PHP bug

bryan berg (kmUNDERWORLD.NET)
Sun, 19 Oct 1997 20:50:17 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: lb - STAFF: "Remotely kill Solaris syslogd"
Previous message: bryan berg: "Vulnerability in PHP Example Logging Scripts"

I wrote that fix without testing it... it does not work, I'm just a little
slow sometimes... ;)

Instead of using the ereg_replace line I submitted before, use the
following block of code, again, right before <?include... line.

<?if(ereg("\/",$screen)) {
        echo "Permission denied: path may not contain slashes.";
        Exit;
        }
>

Sorry about that... this has been confirmed on my machine and does work.

bryan

---
         bryan berg % kmunderworld.net % http://www.underworld.net/~km/
                  system administrator, the underworld project
               "i was blessed with a birth and a death and i guess
                 i just want some say in between" -- ani difranco

Next message: lb - STAFF: "Remotely kill Solaris syslogd"
Previous message: bryan berg: "Vulnerability in PHP Example Logging Scripts"