At 12:36 11/12/2001, Mathieu Kooiman wrote:
>On Tue, 2001-12-11 at 11:29, Zeev Suraski wrote:
> > Would the cwd of the PHP CGI be inside the user's dir? Did you test it in
> > a real CGI environment?
> >
> > Zeev
>
>Err, PHP CGI would be in /usr/local/bin/php..

Yeah, but that's not what I asked - I asked about the cwd (current working directory :)

>'Wouter' tells me he has tested it in a real CGI environment.

This is exploitable iff the cwd of PHP when running as a CGI is a directory under the user's control.

Zeev

--
PHP Development Mailing List <http://www.php.net/>