Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:3670 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 20474 invoked from network); 31 Jul 2003 20:05:43 -0000 Received: from unknown (HELO mail-3.nethere.net) (66.63.128.72) by pb1.pair.com with SMTP; 31 Jul 2003 20:05:43 -0000 Received: (qmail 66749 invoked from network); 31 Jul 2003 20:05:41 -0000 Received: from ppp-66-63-131-145.sndg-c5300-2.dialup.nethere.net (localhost.localdomain [66.63.131.145]) by mail-3.nethere.net with SMTP; 31 Jul 2003 20:05:41 -0000 (envelope-sender ) Content-Type: text/plain; charset="iso-8859-1" Organization: The Coeus Group To: internals@lists.php.net Date: Thu, 31 Jul 2003 13:03:12 -0700 User-Agent: KMail/1.4.3 References: <059101bffadb$28a33670$1400000a@fatcuban> <3F2933BC.8010401@php.net> In-Reply-To: <3F2933BC.8010401@php.net> X-DeCSS-Usage: cat title-key scrambled.vob | decss > clear.vob X-DeCSS-Line-1: #define m(i)(x[i]^s[i+84])<< X-DeCSS-Line-2: unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k*2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++jy)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s[j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)*6^c+~y;}} MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: <200307311014.16774.evan@coeus-group.com> Subject: Re: [PHP-DEV] upload compromises From: evan@coeus-group.com (Evan Nemerson) [PHP] Possible My Website was hacked... with PHP... please tell me what this is??? http://marc.theaimsgroup.com/?t=105963160300003&r=1&w=2 P.S. to Hartmut Holzgraefe : even funnier that he's using a root account for communication through Microsoft Outlook Express 6.00.2720.3000, and is worried about php file uploads On Thursday 31 July 2003 08:20 am, Hartmut Holzgraefe wrote: > Rasmus Lerdorf wrote: > > I suppose we could suck all the code from the UNIX 'file' command into > > PHP > > we already have ;) > > someone at HP already did that for apache and i wrapped it up in > ext/mime_magic > > > The only way to upload a file and then execute it is to know > > a little bit about the web server and upload specific file types the web > > server is configured to execute. > > maybe the request was also about client security? > (just guessing, hard to tell with no links to the mentioned > "bad publicity" in the original message ...) > > like maybe windows EXE files getting uploaded to galeries? > > sure, the application storing and providing the uploaded files *should* > check that stuff itself, but most probably wont ... :( > > what about some mechanism similar to your input filtering stuff that > operates on uploads so that it becomes possible to enforce sitewide > upload policies even in shared hosting environments using some sort > of hooks? > > PS to "skate" : > funny that you are worried about php file uploads but not > about using the root account for communication ;)