[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] RE: file_exists() bypassing , critical problem ?
- To: <dan@lockedbox.net>, <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] RE: file_exists() bypassing , critical problem ?
- From: "Nourredine Himeur" <lostnoobs@security-challenge.com>
- Date: Mon, 2 Feb 2004 15:12:25 +0100
Hi,
It depends of your php configuration... (but it's not a vulnerability so
..... i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)
look this :
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html
http://www.opensavoir.com/test.txt
http://www.opensavoir.com/test.php
http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa
sswd
but it's not a vulnerability HA ! HA ! HA ! show this :
http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../.
./../etc/passwd
:)
Nourredine Himeur
www.security-challenge.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html