Bugtraq
mailing list archives
Re: phptonuke allows Remote File Retrieving
From: BlueRaven <blueraven () libero it>
Date: Thu, 17 Oct 2002 09:35:52 +0200
On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote:
> The file "phptonuke.php" from myphpnuke allows Remote File Retrieving.
> Exploit Example:
> http://website.com/phptonuke.php?filnavn=/etc/passwd
This is not really a specific vulnerability in the application, but a more
general PHP feature: by default, it is possible to open any world readable
file.
You can override this by using the open_basedir setting in php.ini and
restricting file operations to a specified subset of paths.
--
BlueRaven
There are only 10 types of people in this world...
those who understand binary, and those who don't.
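
The restriction described in the reply, as an added example (not code from myphpnuke or from the original post): the php.ini setting appears in the comment, and the function is an application-level containment check that complements it. The directory paths and the `resolve_within_base` helper are assumptions made for illustration.

```php
<?php
// Added illustration; paths and function names are hypothetical.
//
// php.ini, as suggested in the reply (example paths):
//   open_basedir = "/var/www/site/:/tmp/"
// With this set, fopen('/etc/passwd', 'r') returns false and PHP raises an
// "open_basedir restriction in effect" warning.

// Resolve a user-supplied file name and return it only if the real path
// stays inside $baseDir. Returns null for anything else.
function resolve_within_base(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                      // base directory does not exist
    }
    if (strpos($requested, "\0") !== false) {
        return null;                      // NUL bytes are never valid here
    }
    // realpath() collapses "..", "." and symlinks, and fails on missing files.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null;
    }
    // Compare against the base plus a trailing separator so that
    // "/var/www/site-old" is not accepted for a base of "/var/www/site".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($candidate) ? $candidate : null;
}

// Constructed demo: a temporary directory stands in for the document root.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docroot_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'article.txt', "hello\n");

foreach (['article.txt', '../../../../../../etc/passwd', '/etc/passwd'] as $req) {
    $path = resolve_within_base($base, $req);
    printf("%-32s => %s\n", $req, $path === null ? 'rejected' : 'allowed');
}

unlink($base . DIRECTORY_SEPARATOR . 'article.txt');
rmdir($base);
```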