Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: PHP Directory Transversal

From: "Ravish" <ravish () xeonext com>
Date: Thu, 10 Mar 2005 23:01:02 +0530
Hello,

This also depends upon the directory path where the script is being
executed. You could try adjusting ../ according to the path of your
script or can also try www.example.com/static.php?page=/etc/passwd

Regards,
Ravish
http://www.xeonext.com


-----Original Message-----
From: Andres Molinetti [mailto:andymolinetti () hotmail com] 
Sent: Thursday, March 10, 2005 7:52 PM
To: pen-test () securityfocus com
Cc: webappsec () securityfocus com
Subject: PHP Directory Transversal

Hi,

Working on a Web app testing...I have found that the uses the
so-vulnerable 
method of including files requested by php parameters:

www.example.com/static.php?page=hello.htm
(htm files are in /templates dir)

A the page in the parameter is requested statically, I did a 
www.example.com/static.php?page=../static.php and I got that page source

code.

Therefore, I tried doing a 
www.example.com/static.php?page=../../../../../../etc/passwd
but I get an error saying that file doesn't exist.

I user the same source code in my server, and I could retrieve the 
file...what can be happening? I don't think it is under a chroot jail...

I'm working with Apache 2.0.48 and PHP 4.3.4
and the real server has Apache 2.0.52 an PHP 4.3.9....

Thanks in advance,
Andy

_________________________________________________________________
Descarga gratis la Barra de Herramientas de MSN 
http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//
www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH
Previous By Date Next
Previous By Thread Next

Current thread: