Bugtraq mailing list archives
Re: PHP filesystem attack vectors
From: cxib () securityreason com
Date: 10 Feb 2009 20:34:24 -0000
try combination with ..\ \ is accepted in many linux distr. Some time ago, was possible bypass safe_mode. like include "..\..\..\..\..\..\../../../../../etc/passwd" We do not guarantee that it still works. -- Best Regards, ------------------------ pub 1024D/A6986BD6 2008-08-22 uid Maksymilian Arciemowicz (cxib) <cxib () securityreason com> sub 4096g/0889FA9A 2008-08-22 http://securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
Current thread:
- PHP filesystem attack vectors ascii (Feb 09)
- Re: [Full-disclosure] PHP filesystem attack vectors Stefan Esser (Feb 09)
- <Possible follow-ups>
- Re: PHP filesystem attack vectors cxib (Feb 10)