Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

New PHP vulnerability when using mod_cgi - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

New PHP vulnerability when using mod_cgi

2»

Comments

  • lioncolalioncola Member
    edited May 2012

    @subigo said: lol @ the guy from FL. (66.177.11.109) who has decided to go around testing everyone on this board for the vulnerability. Unless someone is using CentOS 4 or some other ancient setup, you're not going to find anything.

    As the guy from 66.177.11.109, I always think it's a good idea to test such things anyway, since the proof-of-concept is so harmless. I checked PHP version headers last PHP securityfail on my favorite sites and notified the administrator of one who was running a vulnerable version even though the fix had been out for weeks.

  • 1q11q1 Member

    @debug said: It was just added.

    how did you know?

  • debugdebug Member

    @1q1 said: how did you know?

    Because I tried it once I saw it on /r/php a few days ago. Doesn't matter, facebook uses their hip-hop compiler (or whatever it's called), so the exploit wouldn't even work.

    Thanked by 11q1
  • natestammnatestamm Member

    ...http://docs.joomla.org/Should_PHP_run_as_a_CGI_script_or_as_an_Apache_module?

  • quirkyquarkquirkyquark Member
    edited May 2012

    I will CONTINUE to use PHP this way (as pure cgi)....
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    ...on my 10MB RAM LowEndChallenge VPS :P

    (because that's the only way my lowendserver (webfs) can do PHP)

Sign In or Register to comment.