Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
(PHP) mb_send_mail security bypass
Feb 28 2006 06:52PM
ced clerget free fr
Vulnerable: PHP4, PHP5
with use of sendmail 8.13.4 ><
When safemode disabled and open_basedir restriction in effect, we can pass extra parameters
to sendmail command in mail function, especially the -C and -X arguments.
-C for alternate configuration file
-X to log all in a file
Can be used to view...
[ more ]
Copyright 2010, SecurityFocus