Closed Thread Icon

Preserved Topic: PHP (3.x & 4.X) remote fileupload vulnerabilities... (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=21064" title="Pages that link to Preserved Topic: PHP (3.x &amp;amp; 4.X) remote fileupload vulnerabilities... (Page 1 of 1)" rel="nofollow" >Preserved Topic: PHP (3.x &amp; 4.X) remote fileupload vulnerabilities... <span class="small">(Page 1 of 1)</span>\

 
mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 02-28-2002 21:01

Details: http://security.e-matters.de/advisories/012002.html
PHP 4.1.2: http://www.php.net/downloads.php


GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 02-28-2002 22:24

damn my bad english, what's arbitrary code?

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 02-28-2002 22:50

Kinda hard to explain but it basically (in this context) means not well thought out or used for convenience as opposed to real functionality. Essentially not well planned and thought about.


This also goes back to the post-upload vs. ftp upload discussed in this thread.



:[ Computers let you make more mistakes faster than any other invention in human history, with the possible exceptions of handguns and tequila. ]:

[This message has been edited by bitdamaged (edited 02-28-2002).]

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 02-28-2002 22:52

hmmmm.....
could you give an example?

jiblet
Paranoid (IV) Inmate

From: Minneapolis, MN, USA
Insane since: May 2000

posted posted 03-01-2002 06:10

Actually I would say bitdamaged's explanation is actually more about arbitrary in OTHER contexts. In this context it just means they can run any code they want.

Generally he's right though, arbitrary usually means choosing something without much consideration or reason for consideration. Such as:

"For a simple database of phone numbers you could use either mSQL or mySQL, the choice is arbitrary."

"I didn't care where I went, so I just arbitrarily chose a restaurant."

-jiblet

lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 03-01-2002 08:22

Grumble, your english is good, but this word has many meanings in different contexts.

arbitrary code<- comes same as for the IIS flows->when the buffer overflows and the overflowed bytes are real Opcodes that get ran on the victim's stack segment (mostly).

« BackwardsOnwards »

Show Forum Drop Down Menu