[WEB SECURITY] AT&T exposes /etc/passwd , bad php
Michael Condon
admin at singulartechnologysolutions.com
Mon Jul 27 16:11:48 EDT 2009
Can anyone convince me (or anyone else) why I should ever use a QUERY_STRING
in a URL?
-----Original Message-----
From: Shane Forsythe [mailto:shane.forsythe at fau.edu]
Sent: Monday, July 27, 2009 1:09 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] AT&T exposes /etc/passwd , bad php
In an amazing example of how not to do file operations with php. AT&T
has the following URL
http://www.research.att.com/areas/visualization/papers_videos/subpage.php?pa
ge=
You can add ANY file to the end and will happily retrieve for you,
though I'd suggest not actually testing it out
(some examples that were vurnable)
../../../../proc/cpuinfo
/etc/passwd
It appears they have taken page offload and our now aware of it, but if
you follow the comments here, it was active for a good portion and
thoroughly combed over
http://www.reddit.com/r/programming/comments/94z5w/att_exposes_etcpasswd_bad
_php/
This seems to be an escalating of AT&T event regarding 4chan
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list