Computer Security
[EN] no-pyccku

PHP read_file safe_mode protection bypass
SecurityVulns ID:7493
Threat Level:
Description:It's possible to bypass protection by using php://../../ prefix to filename.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.)
Original documentdocumentxp1o_(at), readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 (29.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod