Changes between Initial Version and Version 1 of Ticket #754, comment 19
Timestamp: 07/07/14 11:22:35 (2 years ago)
Ticket #754, comment 19
Line 1 (initial 1, v1 1, unmodified):
In this post we will detail the phpinfo() type confusion vulnerability that we disclosed to PHP.net and show how it allows a PHP script to steal the private SSL key. We demonstrate this on an Ubuntu 12.04 LTS 32 bit default installation of PHP and mod_ssl. Unfortunately this kind of problem is not considered a security problem by PHP.net and therefore this security vulnerability does not have a CVE name assigned to it, yet.

Line 2 (initial 2, v1 2, unmodified):
(blank)

Line 3 (initial, removed):
It looks as though youwould already need to have permissions on the server to write php scripts. I'll just double check that the PHP input format is disabled ..

Line 3 (v1, added):
It looks as though an attacker would already need to have permissions on the server to write php scripts. I'll just double check that the PHP input format is disabled ..