[Phpmyadmin-devel] Security issues
michal at cihar.com
Thu Oct 14 11:29:06 CEST 2004
On Thu 14. 10. 2004 16:00, Garvin Hicking wrote:
> Hi All!
> >>> Summary:
> >>> When specifying specially formatted options to external MIME
> >>> transformation, an attacker can execute any shell command restricted by
> >>> privileges of httpd user.
> But it's not that "any shell command" can be executed? I thought that only
> output from the allowed programs can be redirected; thus you can actually
> only overwrite files with privileges of httpd user, right? I thought "|"
> and ";" are escaped by the shellarg-command, so that no other program could
> be spawned...?
> (Sorry, haven't had the time to investigate your fix)
As well as redirection, you can include there $(rm -rf /) or `rm -rf /` and it
Michal Čihař | http://cihar.com
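
The point made in the reply above, as an added illustration that is not part of the original message or of phpMyAdmin's code: escaping only "|" and ";" still leaves command substitution active, while single-quoting the whole value keeps it literal. The helper names (`naive_escape`, `quote_arg`, `marker_ran`, `report`) are hypothetical, the inputs are constructed, and a harmless `expr 40 + 2` stands in as the marker command.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical and inputs are constructed.

# Backslash-escapes only "|" and ";", the two characters named in the question.
naive_escape() {
    printf '%s' "$1" | sed 's/[|;]/\\&/g'
}

# Single-quotes the value and rewrites each embedded ' as '\'' so the child
# shell sees one literal word with no expansion inside it.
quote_arg() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Concatenates the escaped option into a command string and runs it in a
# child shell. Returns 0 when the harmless marker command (expr 40 + 2) was
# evaluated, i.e. when "42" shows up in the output.
# $1 = escaping function, $2 = untrusted option value
marker_ran() {
    out=$(sh -c "printf '%s\n' $("$1" "$2")" 2>/dev/null)
    case $out in
        *42*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Prints one result line per (escaper, input) pair.
report() {
    for fn in naive_escape quote_arg; do
        if marker_ran "$fn" "$1"; then r=EVALUATED; else r=literal; fi
        printf '%-13s %-24s %s\n' "$fn" "$1" "$r"
    done
}

report 'x; expr 40 + 2'
report 'x | expr 40 + 2'
report 'x $(expr 40 + 2)'
report 'x `expr 40 + 2`'
```

Passing the options as separate argv entries to the external program, with no shell in between, avoids the quoting question altogether.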