|
Posted by Rik on 02/23/07 20:33
shimmyshack <matt.farey@gmail.com> wrote:
> Rik <luiheidsgoe...@hotmail.com> wrote:
>> >> > Attack does not work here on the local server....
>> >> And the live server is also safe :-)
>> > out of interest what are you running, is php a module, ta.
>>
>> Homebox:
>> W2K, Apache 2.2.2, PHP 5.1.4 as a module.
>>
>> Live server:
>> FreeBSD 5.3, Apache 2.0.54, PHP 4.4.2 (yes, still, goddamnit) as a
>> module.
> Ive sent you an email to the hotmail address luihei...
> just to help me clear up a few details. Thanks for the above details.
To answer publically: followed the little tutorial to the letter (well,
system('ls'); should be system('dir'); here), and no banana: clean output
of the php script in the image, and not my dir contents.
To tell you the truth: I haven't go the foggiest idea _why_ it works, so I
couldn't say which setting it is. I could mail you the main portions of my
apache config, but as it is apparantly a Windows vulnerability, any of
numerous windows settings could be the one that does it. Mind you, I do
have a very nlited version of W2K (google nlite, great for stripping down
unwanted bullshit from Windows), so I won't have you typical Windows
installation. Tomorrow I'll put XAMPP on a WXP64 box here, let's see what
that full installation does.
--
Rik Wasmus
[Back to original message]
|