Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: PHP <= 5.2.5 Safe Mode Bypass

from [Alireza Hassani] Network Security [Permanent Link]
Subject: Re: Re: PHP <= 5.2.5 Safe Mode Bypass
Date: Tue, 25 Dec 2007 05:20:06 -0800 (PST) 
--- shsuff@hotmail.com wrote:


Nothing new.
Already found: http://securityreason.com/achievement_securityalert/36/


I think it?s obvious that this one focuses on safe_mode restriction weakness 
and that one talks
about open_basedir! The only Similarity between these two advisories is the 
vulnerable tempnam
function



And this will not bypass safe_mode but open_basedir ...



Which one do you talk about , this or that?



      
____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Confixx Professional RF&#304;, erne
Next by Date:  Re: Microsoft Office Publisher, fagian
Previous by Thread:  Re: PHP <= 5.2.5 Safe Mode Bypass, shsuff
Next by Thread:  [CVE-2007-5342] Apache Tomcat's default security policy is too open, Mark Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]