BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
(PHP) mb_send_mail security bypass Feb 28 2006 06:52PM
ced clerget free fr
Vulnerable: PHP4, PHP5
with use of sendmail 8.13.4 ><

When safemode disabled and open_basedir restriction in effect, we can pass extra parameters
to sendmail command in mail function, especially the -C and -X arguments.
-C for alternate configuration file
-X to log all in a file
Can be used to view...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus