PhpDig.net

Old 01-14-2004, 02:29 PM   #1
Charter
Head Mole
 
Join Date: May 2003
Posts: 2,539
PhpDig - Urgent

Re: PhpDig - VERSION 1.6.5 (non-patched) AND ALL PRIOR VERSIONS

FraMe from http://www.kernelpanik.org sent a Bug Report regarding remote command execution. Below you will find FraMe's code as modified by me.

!!! ADD THIS TO THE TOP OF THE CONFIG.PHP FILE NOW !!!
PHP Code:
// prevent remote command execution
if ((isset($relative_script_path)) &&
    ($relative_script_path != ".") &&
    ($relative_script_path != "..")) {
  exit();
}

if ((!isset($relative_script_path)) ||
    (($relative_script_path != ".") &&
     ($relative_script_path != ".."))) {
  // echo "\n\nPath $relative_script_path not recognized!\n\n";
  exit();
}

// prevent requests for config.php
if (eregi("config.php",$_SERVER['SCRIPT_FILENAME']) ||
    eregi("config.php",$_SERVER['REQUEST_URI'])) {
  exit();
}

If you modified PhpDig paths, then see this thread.

Alternatively, you can download the patched 1.6.5 version here or UPGRADE to PhpDig version 1.8.0 here.

No, I'm not going to explain any further, and nobody else should either. Just add the code. Thanks.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension.