Bugtraq: Re: Re: PHP <= 5.2.5 Safe Mode Bypass

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Re: PHP <= 5.2.5 Safe Mode Bypass

From: Alireza Hassani <trueend5 () yahoo com>
Date: Tue, 25 Dec 2007 05:20:06 -0800 (PST)

--- shsuff () hotmail com wrote:

Nothing new.
Already found: http://securityreason.com/achievement_securityalert/36/


I think its obvious that this one focuses on safe_mode restriction weakness and that one talks
about open_basedir! The only Similarity between these two advisories is the vulnerable tempnam
function


And this will not bypass safe_mode but open_basedir ...


Which one do you talk about , this or that?



      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping

By Date By Thread

Current thread:

PHP <= 5.2.5 Safe Mode Bypass admin (Dec 24)
- <Possible follow-ups>
- Re: PHP <= 5.2.5 Safe Mode Bypass shsuff (Dec 24)
- Re: Re: PHP <= 5.2.5 Safe Mode Bypass Alireza Hassani (Dec 26)