13 Jan
2008
13 Jan
'08
9:09 p.m.
On Mon, 14 Jan 2008 00:15:27 +0000 Karanbir Singh kbsingh@centos.org wrote:
Mark Weaver wrote:
those patches didn't do much for keeping one of my systems from being breached via php. from the looks of the web server logs as well as the messages log file that's where they got in.
I am still waiting for you to post some demonstrate-able exploit in the distro supplied php packages.
- KB
while I understand why you'd like proof of concept for the exploit it's not something I'd post on a public mailing list. Not to mention the exploit was trashed when I reloaded the system. At the time it didn't seem expedient for to save that which killed my server for posterity.
Mark