It has to be relative because of smarty. And some smarty installations have a "secure mode" (like <a href="http://lifetype.net">lifetype.net</a>) that won't allow access out of a specified sandbox.<br><br>The real major danger I see is revealing the db password. And if your shell pass happened to be the same as that password, you are toast.
<br><br>If the sandbox is not enabled, an attacker could read any page they wanted on your server like your httpd conf and such. <br><br><div><span class="gmail_quote">On 2/14/07, <b class="gmail_sendername">Jon Daley</b>
<<a href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
"infected" is probably the wrong word. But, you can check if<br>anyone has used it on your server, by running a command like:<br><br>find -name access.log\* -exec zgrep rss \{} \; |grep "\.\."
<br><br>I wrote something like this to check my servers last night.<br><br>The basic idea is that someone can use the rss parser to read any file on<br>your system - hrm. does it have to be relative? maybe /etc/passwd<br>
would work as well?<br><br>On Wed, 14 Feb 2007, Ammar Ibrahim wrote:<br><br>> Can we have more info about this Vulnerability? I want to check if our<br>> servers are infected with it,<br>><br>> Ammar<br>><br>
> On 2/13/07, Matt Wood <<a href="mailto:matt@woodzy.com">matt@woodzy.com</a>> wrote:<br>>> Dev List,<br>>><br>>> There exists a very serious file disclosure vulnerability within the RSS engines that allows anyone to read the contents of files considered to be secure.
<br>>><br>>> I highly suggest that everyone turn off all RSS at the moment.<br>>><br>>> I also suppose you will want to let other people know, I don't really have the time to mess with the forums warning people.
<br>>><br>>> Oscar / Jon, I will contact you separately later tonight as this vulnerability compromises www.lifetype.net... and I don't really want our new server to get hosed.<br>>><br>>> -Matt
<br>>><br>>> _______________________________________________<br>>> pLog-svn mailing list<br>>> <a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br>>> <a href="http://limedaley.com/mailman/listinfo/plog-svn">
http://limedaley.com/mailman/listinfo/plog-svn</a><br>>><br>><br><br>--<br>Jon Daley<br><a href="http://jon.limedaley.com/">http://jon.limedaley.com/</a><br>
<br>Some day my boat will come in, and<br> with my luck I'll be at the airport.<br>-- Graffiti<br></blockquote></div><br>
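An added example, not part of the original thread and not LifeType's code: a Python version of the access-log check described above, extended to also catch percent-encoded and double-encoded ".." sequences that a plain grep for "\.\." misses. The log lines, the script name and the parameter names are constructed placeholders.

```python
import gzip
import re
from pathlib import Path
from urllib.parse import unquote

# Constructed sample entries (combined log format). The script name and the
# parameters "x" and "id" are placeholders, not LifeType's real request format.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Feb/2007:21:14:02 +0000] "GET /rss.php?x=../../etc/passwd HTTP/1.1" 200 1532 "-" "-"
203.0.113.7 - - [13/Feb/2007:21:14:09 +0000] "GET /rss.php?x=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1532 "-" "-"
198.51.100.4 - - [13/Feb/2007:21:15:40 +0000] "GET /rss.php?x=%252e%252e%252fsecret HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [13/Feb/2007:21:16:01 +0000] "GET /rss.php?id=1&v=1..2 HTTP/1.1" 200 8841 "-" "-"
192.0.2.11 - - [13/Feb/2007:21:16:30 +0000] "GET /index.php?id=1 HTTP/1.1" 200 9120 "-" "-"
"""

# Client address, request target and status code of one access-log entry.
ENTRY_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# ".." as a whole path segment (after "/", "\" or "="), not dots inside a value.
DOTDOT_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_hits(lines):
    """Return (ip, status, decoded target) for rss requests with a '..' segment."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        target = fully_unquote(m.group("target"))
        if "rss" in target.lower() and DOTDOT_RE.search(target):
            hits.append((m.group("ip"), int(m.group("status")), target))
    return hits

def scan_logs(root):
    """Scan every access.log* under root, reading rotated .gz files too."""
    hits = []
    for path in sorted(Path(root).rglob("access.log*")):
        opener = gzip.open if path.suffix == ".gz" else open
        with opener(path, "rt", errors="replace") as fh:
            hits.extend(suspicious_hits(fh))
    return hits
```

Call `scan_logs()` with your own web server's log directory; the returned status code helps triage which requests the server actually answered.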