[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PHP filesystem attack vectors
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: PHP filesystem attack vectors
- From: cxib@xxxxxxxxxxxxxxxxxx
- Date: 10 Feb 2009 20:34:24 -0000
try combination with ..\
\ is accepted in many linux distr.
Some time ago, was possible bypass safe_mode.
like include "..\..\..\..\..\..\../../../../../etc/passwd"
We do not guarantee that it still works.
--
Best Regards,
------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib) <cxib@xxxxxxxxxxxxxxxxxx>
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg