Re: phptonuke allows Remote File Retrieving

From: BlueRaven (blueravenat_private)
Date: Thu Oct 17 2002 - 00:35:52 PDT


    On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote:
    > The file "phptonuke.php" from myphpnuke allows Remote File Retrieving.
    > 
    > Exploit Example:
    > http://website.com/phptonuke.php?filnavn=/etc/passwd
    
    This is not really a specific vulnerability in the application, but a more
    general PHP feature: by default, it is possible to open any world-readable
    file.
    You can override this by using the open_basedir setting in php.ini and
    restricting file operations to a specified subset of paths.
    
    -- 
    BlueRaven
    
    There are only 10 types of people in this world...
    those who understand binary, and those who don't.
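
The restriction discussed in the reply above, shown as an added example that is not part of the original post or of myPHPNuke: an application-level path check next to the php.ini directive (spelled `open_basedir`). The `read_page()` helper, the sandbox directory and the `/var/www/site/` path are constructed assumptions; the example assumes a Unix host.

```php
<?php
// Added example: constructed paths and a hypothetical read_page() helper.

// Constructed sandbox standing in for the site's content directory.
$root = sys_get_temp_dir() . '/obd_demo';
@mkdir($root, 0755, true);
$root = realpath($root);
file_put_contents($root . '/about.txt', "constructed sample page\n");

// Layer 1 (application): resolve the requested name and require that the
// result stays under $root. realpath() collapses "../" and follows symlinks.
function read_page(string $root, string $requested): ?string
{
    $real = realpath($root . '/' . $requested);
    if ($real === false || strpos($real, $root . '/') !== 0) {
        return null;                      // outside the content directory
    }
    $data = file_get_contents($real);
    return $data === false ? null : $data;
}

// The second entry is the path from the quoted report.
foreach (['about.txt', '/etc/passwd', '../../../../etc/passwd'] as $name) {
    printf("%-28s %s\n", $name, read_page($root, $name) === null ? 'refused' : 'served');
}

// Layer 2 (interpreter): the php.ini equivalent is
//     open_basedir = "/var/www/site/"      ; constructed path
// At runtime the setting can be tightened, as done here for the sandbox.
ini_set('open_basedir', $root . '/');

// Even a raw, unchecked read is now refused by PHP itself.
$raw = @file_get_contents('/etc/passwd');
printf("%-28s %s\n", 'raw read after open_basedir', $raw === false ? 'refused' : 'served');
```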
    


