[nycphp-talk] php problems from SecurityFocus Newsletter # 210
Analysis & Solutions
danielc at analysisandsolutions.com
Mon Aug 18 16:07:25 EDT 2003
Last week's lull has been more than made up by this week's flood, including
a vulnerability in PHP itself...

A PROBLEM IN PHP ITSELF !!!

PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
A problem has been reported in the dlopen function of PHP when used with
the Apache web server. Because of this, an attacker may be able to gain
unauthorized access to potentially sensitive information.
The problem is in the ability to access the memory of the calling process.
When a PHP script is executed by an Apache process, it is possible to
dump the contents of the Apache process memory to a text file. This could
be used by an attacker to gain access to potentially sensitive information
which could include authentication credentials. The function may also
permit other attacks, such as allowing an attacker to deliver different
content other than what the server is configured to serve.

PROBLEMS IN APPS THAT USE PHP

[Yet more] PostNuke Downloads / Web_Links Modules TTitle Cross-site Scr...
Multiple geeeekShop Information Disclosure Vulnerabilities
Invision Power Board Admin.PHP Cross-Site Scripting Vulnerab...
DCForum+ Subject Field HTML Injection Vulnerability
[This issue is exposed through the dcboard.php script.]
Better Basket Pro Store Builder Remote Path Disclosure Vulne...
PHPOutSourcing Zorum Cross-Site Scripting Vulnerability
News Wizard Path Disclosure Vulnerability
PHP Website Calendar Module SQL Injection Vulnerabilities
PHP Website Multiple Module Cross-Site Scripting Vulnerabili...
PHPOutsourcing Zorum Path Disclosure Vulnerability
Horde Application Framework Account Hijacking Vulnerability
HostAdmin Path Disclosure Vulnerability
Xoops BBCode HTML Injection Vulnerability
HolaCMS HTMLtags.PHP Local File Include Vulnerability
FREE scripts that make web and database programming easier
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409