Bugtraq mailing list archives

Re: PHP filesystem attack vectors


From: cxib () securityreason com
Date: 10 Feb 2009 20:34:24 -0000

Try a combination with ..\

\ is accepted in many Linux distributions.

Some time ago, it was possible to bypass safe_mode,

like include "..\..\..\..\..\..\../../../../../etc/passwd"

We do not guarantee that it still works.

-- 
Best Regards,
------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib) <cxib () securityreason com>
sub   4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
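
The mixed `..\` and `../` path described in the message above is the kind of input an include-path check has to reject. The following is an added example, not part of the original post and not PHP's own code: `resolve_inside()` and the sample inputs are hypothetical, and it assumes includes are meant to stay under a single base directory.

```php
<?php
// Added example: hypothetical helper, not from the original post.
// Resolves a user-supplied relative name inside $baseDir and refuses anything
// that escapes it, treating both "/" and "\" as path separators.
function resolve_inside(string $baseDir, string $userPath): ?string
{
    // Empty names and NUL bytes are never valid.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Normalise "\" to "/" so "..\" is seen as a traversal segment
    // regardless of how the platform or PHP build treats backslashes.
    $normalised = str_replace('\\', '/', $userPath);
    // Refuse absolute paths and Windows drive prefixes.
    if ($normalised[0] === '/' || preg_match('#^[A-Za-z]:#', $normalised)) {
        return null;
    }
    // Refuse any ".." segment after normalisation.
    if (in_array('..', explode('/', $normalised), true)) {
        return null;
    }
    // Canonicalise and confirm the result is still under the base directory
    // (this also catches symlinks that point outside it).
    $base = realpath($baseDir);
    $full = ($base === false) ? false : realpath($base . '/' . $normalised);
    if ($full === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo tree and inputs.
$base = sys_get_temp_dir() . '/inc_demo_' . getmypid();
@mkdir($base . '/pages', 0700, true);
file_put_contents($base . '/pages/home.php', '<?php // constructed sample');

$inputs = [
    'pages/home.php',                                // legitimate name
    '..\..\..\..\..\..\../../../../../etc/passwd',   // string from the post
    'pages\..\..\other',                             // backslash-only traversal
    '/etc/passwd',                                   // absolute path
];
foreach ($inputs as $in) {
    $out = resolve_inside($base, $in);
    printf("%-48s => %s\n", $in, $out === null ? 'REJECTED' : 'allowed');
}
```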

