WebApp Sec: Re: PHP Directory Transversal

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: PHP Directory Transversal

From: Alex 'CAVE' Cernat <cave () cernat ro>
Date: Fri, 18 Mar 2005 21:06:44 +0200

On Mon, 14 Mar 2005 17:02:38 +0000
"Andres Molinetti" <andymolinetti () hotmail com> wrote:

It seems that the problem was that it had "safe_mode" on....


there is a bug/feature in safe_mode: even it is on you can still get out
from your home directory 

a good solution is to use the open_basedir directive (but it will need
some additional hacks - temp dir, upload dir etc.)

Alex

By Date By Thread

Current thread:

Re: PHP Directory Transversal, (continued)
- Re: PHP Directory Transversal Sarath Kummamuru (Mar 13)
- RE: PHP Directory Transversal Ravish (Mar 13)
- Re: PHP Directory Transversal David M. Zendzian (Mar 13)
- Re: PHP Directory Transversal John GALLET (Mar 18)
  - Re: PHP Directory Transversal Andres Molinetti (Mar 18)
    - Re: PHP Directory Transversal Alex 'CAVE' Cernat (Mar 20)