[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
- Subject: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 6 Jul 2001 22:06:59 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 6 Jul 2001, Steve Werby wrote:
> "shimi" <shimi@xxxxxxxxxxxxxxxx> wrote:
> > And in any case I am still correct... if a webserver has a server root, in
> > no case the webserver shall send out a page on a directory upper than it's
> > server root. That's only my opinion, though... (chroot was made for
> > limiting software to the exact same thing)
>
> And it's trivial for PHP to be configured to do the same. See:
> http://www.php.net/manual/en/configuration.php#ini.doc-root
> http://www.php.net/manual/en/configuration.php#ini.open-basedir
>
> And the exact exploit found by GTD was discussed in the last 2 days on
> php-general under the thread "Security of PHP code". Here's the first
> message, follow the thread if you'd like.
Indeed. For this years Blackhat conference, a paper and presentation on
advanced PHP code hacking has been released. Whilst it's a very good
technical read, it leaves a major headache to hosting companies. The
reason? The amount of exploitable PHP utilities. Generally speaking, if
you suppose PHP, chances are your users will be running prewritten code
such as PHPnuke, SquirrelMail etc.
I'll rumage through my inbox for the paper URL, if anybody is interested.