>>Bob I don't know what you sent to Rick before I got involved, all I can do is keep aware of issues that come to me and make sure they are taken care of.<<
David,
I sent an email and private message to Rick over at threadsdev. Ricks response was that he had just found the bug before I alerted him of it.
I gave a detailed explanation of what I was able to do to exploit this. If this person had a bit more knowledge of how to exploit this bug he could do far more than he did. In my test I was able to take complete control of a partners server after I tested it on mine. I wanted to make sure it just wasn't another bug with IIS.
Again, this bug exists in every version of php threads and if you allow uploads, your server can be compromised. The reading of the config file and getting data from mysql is just a small crack in the dam.
>>We need to find a way to make sure that the config script just cannot be read. You know the last part will be hard to do if it is even able to be done.<<
This is very simple and one of the first thing I do when I use any script. All that has to be done is move the config file above the web root into a chroot jail. Then make sure your scripts run as a user that has read access.
[b]Extreme VB Forums -[/b] Visual Basic Help[This message was edited by Extrm Bob on 30 Jan 02 at 09:42 PM.]
