I'm not sure I understand all of it, VS; a couple of QQs if you have a moment:
being ran by the webserver via mod_php
... is this the standard, non-CGI way of doing things? So compiling from source and installing against apxs is what makes an install mod_php?
The easiest way to figure out the return address in
* is to attach gdb to one of the apache children, break it on the exploited function
* in apc.c, and find the address of fileinfo->fullpath and then add a bit to it so you
* land in the NOOP padding.
Doesn't someone already need to have access to the box to be here? Is he directing this towards someone doing shared hosting and breaking the machine that they're on?
Well, if you can't do that you're probably not working on a machine that you have permission to be doing this sort of thing against
... further data against last QQ
This vulnerability opens people up to real attack in any case where include() and friends are called with user input.
.... sooooo... clearly your code should not include other code based on some form of input... in my case particularly, this would be an automatic. Bad plan, that.
Thanks much man - interesting read. I'm gonna check all my versions and see where I'm sitting in any case.
/p
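The "include() and friends called with user input" point above is the general file-inclusion pattern, independent of the apc.c bug. The following is an added example, not code from the original thread or from APC, showing the vulnerable shape beside one hardened shape; the page names (home, about, contact), the pages/ directory and the $_GET parameter name are assumptions for illustration.

```php
<?php
// Added example (not from the original post): dynamic include driven by
// request input, and an allowlist mapping that keeps request strings out
// of include() entirely. File names and the "page" parameter are assumed.

// VULNERABLE: the request string becomes part of the included path.
// Depending on PHP version and configuration, ../ traversal, null bytes on
// old PHP, php:// / data:// wrappers, or allow_url_include can turn this
// into arbitrary code execution.
function render_page_vulnerable(array $get): void
{
    $page = $get['page'] ?? 'home';
    include 'pages/' . $page . '.php';
}

// HARDENED: the request selects a key; the server owns the key -> file map.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

// Returns the server-side path for a known page key, or null otherwise.
// Exact array lookup: no normalisation, no prefix checks, nothing derived
// from the request reaches include().
function resolve_page(string $page): ?string
{
    return PAGES[$page] ?? null;
}

function render_page_safe(array $get): void
{
    $path = resolve_page((string)($get['page'] ?? 'home'));
    if ($path === null) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include $path;
}

// Quick self-check from the CLI with constructed inputs (not a real request).
if (PHP_SAPI === 'cli') {
    $probes = [
        'about',
        '../../../../etc/passwd',
        'php://filter/convert.base64-encode/resource=index',
        'http://evil.example/shell',
        "home\0",
    ];
    foreach ($probes as $probe) {
        $result = resolve_page($probe);
        printf("%-55s => %s\n", json_encode($probe), $result ?? 'rejected');
    }
    // Only "about" resolves; every other probe is rejected.
}
```

Run it with `php example.php` to see that only the allowlisted key resolves. The design point is that the hardened version never builds a path from request data; if the set of includable files must be dynamic, generate the map server-side (for example from a directory scan at build time) rather than validating the user string with a deny-list.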