PHP Directory Transversal

From: Andres Molinetti (andymolinetti@hotmail.com)
Date: Thu Mar 10 2005 - 09:22:29 EST

Next message: Felikz: "Re: PHP Directory Transversal"
Previous message: Michel Arboi: "Re: Avoiding Postfix Fingerprinting"
Next in thread: Felikz: "Re: PHP Directory Transversal"
Reply: Felikz: "Re: PHP Directory Transversal"
Reply: David M. Zendzian: "Re: PHP Directory Transversal"
Reply: Cedric Foll: "Re: PHP Directory Transversal"
Reply: Ravish: "RE: PHP Directory Transversal"
Reply: John GALLET: "Re: PHP Directory Transversal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Working on a Web app testing...I have found that the uses the so-vulnerable
method of including files requested by php parameters:

www.example.com/static.php?page=hello.htm
(htm files are in /templates dir)

A the page in the parameter is requested statically, I did a
www.example.com/static.php?page=../static.php and I got that page source
code.

Therefore, I tried doing a
www.example.com/static.php?page=../../../../../../etc/passwd
but I get an error saying that file doesn't exist.

I user the same source code in my server, and I could retrieve the
file...what can be happening? I don't think it is under a chroot jail...

I'm working with Apache 2.0.48 and PHP 4.3.4
and the real server has Apache 2.0.52 an PHP 4.3.9....

Thanks in advance,
Andy

Next message: Felikz: "Re: PHP Directory Transversal"
Previous message: Michel Arboi: "Re: Avoiding Postfix Fingerprinting"
Next in thread: Felikz: "Re: PHP Directory Transversal"
Reply: Felikz: "Re: PHP Directory Transversal"
Reply: David M. Zendzian: "Re: PHP Directory Transversal"
Reply: Cedric Foll: "Re: PHP Directory Transversal"
Reply: Ravish: "RE: PHP Directory Transversal"
Reply: John GALLET: "Re: PHP Directory Transversal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT