PHP 5.2.10 contains High-Risk Bugs

Cyber-DL

Active Member
#1
Hi dear admins,
PHP version 5.2.10 contains many high-risk bugs like symlink; with this function you can, with a shell script, deface all of the sites that are on a server!

But this bug is fixed in version 5.3! Please update the PHP version of LiteSpeed to 5.3!

This bug can bypass open_basedir altogether! Please do it!

best regards
 

robfrew

Well-Known Member
#5
If you believe that the version of PHP you are using has security issues that will affect you, you can install PHP 5.3 yourself from source.
 

IrPr

Well-Known Member
#6
I don't see such a bug in the PHP 5.3.0 / 5.2.11 change log.

Please provide the exploit here.
 

IrPr

Well-Known Member
#8
I know! Pay attention to the topic date; those bugs were fixed in 5.2.11 and later ;)

good job
You misunderstood.
I mean no such open_basedir bypass or symlink security bug has been fixed in 5.2.11, according to its change log!

So there was no such bug in 5.2.10.
 

Cyber-DL

Active Member
#9
Before 5.2.11, php.net released PHP 5.3 and I lost the changelog page. I knew there is a symlink bug, but I didn't know how it works?!

In PHP 5.3 (not 5.3.0) I saw the symlink function and a short line describing it; it said this function may bypass open_basedir.

You can search for the symlink() bug; it works like a shortcut in Windows.
When you have access to a host, then with this bug you can link your deface page into other hosts, and that is only a shortcut, linked from the main hacked account.

So tell me the meaning of open_basedir bypass! I think that's it ;)
 

IrPr

Well-Known Member
#10
Well, I'm familiar with Linux system symlinks, and I disabled that globally using LSWS security features to improve shared hosts' security.

Here is the PHP 5 changelog: http://www.php.net/ChangeLog-5.php
I didn't find any bugs related to symlink or open_basedir in the 5.2 or 5.3 releases!

There is one open_basedir phrase in the 5.3.0 change log, but it's not related to a security issue!
Security fixes are listed first among the bug fixes.

It seems there is no security fix in the 5.3.0 release, but 5.2.11 has some security fixes, none of which is related to an open_basedir or safe mode bypass.

Let me know if I'm wrong!
 
#11
I'm confused; maybe I'm wrong, maybe you are!

But I think maybe this bug was in 5.2.9 or 5.2.10! It's better that you see these URLs:
Code:
http://securityreason.com/achievement_securityalert/61
http://securityreason.com/securityalert/6166
http://seclists.org/fulldisclosure/2009/Aug/0065.html
http://bugs.php.net/bug.php?id=49026
Lastly, take a look at the topic date: it's from when 5.3.0 hadn't been added to LSWS, and it was a warning, just a warning. And now I can't find 5.2.11 in LSWS, because 5.3.0 has many changes and I can't use it, because many scripts don't work with PHP 5.3.0 yet.

Please add 5.2.11 to LSWS, or tell me a way to compile PHP 5.2.11 (or another version that isn't in LSWS) manually.

Best Regards
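
The cross-account symlinks discussed in this thread can be audited from the hosting side. The following is an added example, not code from any poster or from LiteSpeed: it lists symlinks under one account's directory whose target resolves outside that directory. The function name and the directory passed to it are assumptions.

```python
import os


def find_escaping_symlinks(account_root):
    """Return sorted (link_path, resolved_target) pairs for symlinks under
    account_root whose target resolves outside account_root.
    (Hypothetical helper name; not part of PHP or LSWS.)"""
    root = os.path.realpath(account_root)
    findings = []
    # followlinks=False: never descend through a symlinked directory,
    # so the walk itself stays inside the account.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories show up in dirnames, symlinks to files
        # (and dangling links) in filenames, so check both lists.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves link chains and ".." components, so a
            # relative link such as ../../other_user is caught as well.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                findings.append((path, target))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python audit_symlinks.py /path/to/account/home
    for link, target in find_escaping_symlinks(sys.argv[1]):
        print(f"{link} -> {target}")
```

Links that stay inside the account (for example one page aliased to another in the same web root) are not reported.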
 