Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: PHP Directory Transversal
From: Mehmet Buyukozer (mbuyukozergmx.co.uk)
Date: Fri Mar 11 2005 - 00:50:37 CST
You said all users have read dccess, have you tried some other files in etc
From: Andres Molinetti [mailto:andymolinettihotmail.com]
Sent: Thursday, March 10, 2005 4:48 PM
Cc: pen-testsecurityfocus.com; webappsecsecurityfocus.com
Subject: Re: PHP Directory Transversal
I'm sure that I'm adding the exact numer of "../" because I was able to
retrive phpinfo.php and there I have the DOCUMENT_ROOT server variable...
It's under user Apache...but anyway...it is accessing the files for reading,
and all users have priviledges to access the passwd file for reading...
>From: Felikz <securityfocusfelikz.net>
>To: Andres Molinetti <andymolinettihotmail.com>
>CC: pen-testsecurityfocus.com, webappsecsecurityfocus.com
>Subject: Re: PHP Directory Transversal
>Date: Thu, 10 Mar 2005 14:44:17 +0000
>Have you tried http://www.example.com/static.php?page=/etc/passwd
>Also, the issue you may be hitting is that the website root may be in a
>deeper directory that you think, therefore you may need to do more
>It's worth giving a thought to the fact that Apache/PHP may/should be
>running as an underprivilaged user and therefore shouldn't have the ability
>to traverse that far.
>Andres Molinetti wrote:
>>Working on a Web app testing...I have found that the uses the
>>so-vulnerable method of including files requested by php parameters:
>>(htm files are in /templates dir)
>>A the page in the parameter is requested statically, I did a
>>www.example.com/static.php?page=../static.php and I got that page source
>>Therefore, I tried doing a
>>but I get an error saying that file doesn't exist.
>>I user the same source code in my server, and I could retrieve the
>>file...what can be happening? I don't think it is under a chroot jail...
>>I'm working with Apache 2.0.48 and PHP 4.3.4
>>and the real server has Apache 2.0.52 an PHP 4.3.9....
>>Thanks in advance,
>>Descarga gratis la Barra de Herramientas de MSN
Acepta el reto MSN Premium: Protección para tus hijos en internet.
Descárgalo y pruébalo 2 meses gratis.
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.1 - Release Date: 09.03.2005