HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: James Moore (jmoore <email protected>)
Date: 12/10/00

• Next message: James Moore: "RE: [PHP-DEV] PHP 4.0 Bug #8187: Partial FTP Downloads"
• Previous message: Chuck Hagenbuch: "Re: [PHP-DEV] a small utility function mail_mime_header()"
• In reply to: Zeev Suraski: "Re: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Next in thread: Zeev Suraski: "RE: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Reply: Zeev Suraski: "RE: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I tested on windows.. didnt work with php3 and apache 1.3.12, I couldnt get
1.3.6 to run due to registry problems.. Never build apache before and didnt
know what registry patches it needs, if someone can tell me this then ill
try.

cheers

James

-----Original Message-----
From: Zeev Suraski [mailto:zeev <email protected>]
Sent: 10 December 2000 19:04
To: Jens Kristian Søgaard
Cc: php-dev <email protected>
Subject: Re: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)

The exploit is only likely to work under Windows, as it relies on \ being a
directory separator character. Did anybody test it under Windows?

Zeev

At 19:29 10/12/2000, Jens Kristian Søgaard wrote:
>"Sterling Hughes" <Sterling.Hughes <email protected>> writes:
>
> > The bug report says PHP3 though. Are you using php3 to test it?
>
>PHP 3.0.11, Apache 1.3.3 on SunOS 5.7. The "exploit" had no effect
>here.
>
>
>--
>Jens Kristian Søgaard,
>jk <email protected> -- http://www.jksoegaard.dk/
>Søger du noget? -- http://www.google.com/
>echo|perl -ple'$_+=4E-6*!int rand()**2+rand()**2while$i++-1E6'
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
>For additional commands, e-mail: php-dev-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected>

--
Zeev Suraski <zeev <email protected>>
CTO, Zend Technologies Ltd. http://www.zend.com/
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>
-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: James Moore: "RE: [PHP-DEV] PHP 4.0 Bug #8187: Partial FTP Downloads"
• Previous message: Chuck Hagenbuch: "Re: [PHP-DEV] a small utility function mail_mime_header()"
• In reply to: Zeev Suraski: "Re: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Next in thread: Zeev Suraski: "RE: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Reply: Zeev Suraski: "RE: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]