RE: [PHP] Highjack?

2006-11-15 Thread bruce
is completely correct as i understand php to work. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Monday, November 13, 2006 6:28 PM To: [EMAIL PROTECTED] Cc: 'PHP' Subject: Re: [PHP] Highjack? bruce wrote: rory.. thanks.. i had meant to say assuming globals is off

Re: [PHP] Highjack?

2006-11-15 Thread Chris
bruce wrote: hi chris... for the initial post, it does/did matter for register_globals to be on/off. in your reply, you use a $_GET[..] for the $path var. in the initial post that i saw, (which i replied to), the $path var was simply used, without the $_GET[..]. it's my understanding

Re: [PHP] Highjack?

2006-11-14 Thread tedd
At 12:38 PM -0500 11/13/06, Eric Butera wrote: Tedd, I've seen this happen before when someone was able to do a remote code execution exploit on an old version of a very popular open source shopping cart project. I'd say the first thing would be to try and find any include/require statements

Re: [PHP] Highjack?

2006-11-14 Thread Andrei
I usually use an array with site configuration which I define at top included file so you cannot overwrite the configuration paths from outside the scripts. <?php $APP_CFG = array(); $APP_CFG['my_path'] = '/somewhere/on/server/'; ?> From TFM: If URL fopen wrappers are enabled in PHP

Re: [PHP] Highjack?

2006-11-13 Thread Eric Butera
On 11/13/06, tedd [EMAIL PROTECTED] wrote: Hi gang: While this is not an obvious php question, it does deal with security which is a concern. Just this morning had a couple of my sites highjacked. What I found was someone had replaced my root level index.php with their own index.php. You can

RE: [PHP] Highjack?

2006-11-13 Thread bruce
be static, and couldn't be munged... thoughts/explanations... thanks -Original Message- From: Eric Butera [mailto:[EMAIL PROTECTED] Sent: Monday, November 13, 2006 9:39 AM To: tedd Cc: PHP General List Subject: Re: [PHP] Highjack? On 11/13/06, tedd [EMAIL PROTECTED] wrote: Hi gang

Re: [PHP] Highjack?

2006-11-13 Thread Matt Carlson
Message From: bruce [EMAIL PROTECTED] To: Eric Butera [EMAIL PROTECTED]; tedd [EMAIL PROTECTED] Cc: PHP General List php-general@lists.php.net Sent: Monday, November 13, 2006 11:55:13 AM Subject: RE: [PHP] Highjack? eric... you say how embarrassing regarding the $path.'foo' i'm curious, why

RE: [PHP] Highjack?

2006-11-13 Thread bruce
: Nov 13, 2006 7:12 PM Subject: Re: [PHP] Highjack? To: [EMAIL PROTECTED] On 11/13/06, bruce [EMAIL PROTECTED] wrote: eric... you say how embarrassing regarding the $path.'foo' i'm curious, why/how is this simple piece of code exploitable. assuming $path is not something that comes via