[36058] in bugtraq
Re: [PHP Bug] How to hide a HTTP request in the apache logs
daemon@ATHENA.MIT.EDU (Max Valdez)
Mon Aug 9 21:48:50 2004
From: Max Valdez <maxvalde@fis.unam.mx>
To: bugtraq@securityfocus.com
Date: Mon, 9 Aug 2004 16:14:29 -0500
In-Reply-To: <20040806232516.20051.qmail@www.securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200408091614.29905.maxvalde@fis.unam.mx>
works on Apache/2.0.50 PHP 4.3.8
over gentoo.
The subject is a little bit missleading, because the user has to be able to
insert the code under documento root. Cant see any security concern on that
code with social engeniering not involved.
Max
--
Linux garaged 2.6.7-rc3-mm2 #2 Sat Jun 19 15:43:32 CDT 2004 i686 Intel(R)
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M--
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z**
------END GEEK CODE BLOCK------
gpg-key: http://garaged.homeip.net/gpg-key.txt
