Computer Security
[EN] securityvulns.ru no-pyccku


PHP read_file safe_mode protection bypass
Published:29.03.2007
Source:
SecurityVulns ID:7493
Type:local
Threat Level:
6/10
Description:It's possible to bypass protection by using php://../../ prefix to filename.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.)
Original documentdocumentxp1o_(at)_msn.com, readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 (29.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod