WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Insomnia: Whitepaper - LFI With PHPInfo Assistance

From: "Brett Moore" <brett.moore () insomniasec com>
Date: Tue, 6 Sep 2011 13:28:16 +1200
___________________________________________________________________

Insomnia Security :: LFI With PHPInfo Assistance
___________________________________________________________________

Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Link:
http://www.insomniasec.com/releases/whitepapers-presentations
___________________________________________________________________

Whitepaper explaining how PHPInfo can be used to assist with the
exploitation of LFI vulnerabilities on PHP when combined with the
file upload handling feature that is enabled by default. 

The research in this whitepaper is an extension of the published
work by Gynvael Coldwind in the paper "PHP LFI to arbitratry code
execution via rfc1867 file upload temporary files"  
___________________________________________________________________





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: