Re: Simple PHP scanning ..: msg#00024

Download Firefox: Windows, Mac OS X

Re: Simple PHP scanning ..: msg#00024

Subject:	Re: Simple PHP scanning ..

Ulf Harnhammar wrote:
> include("templatedir/$file");

with this you can do

file=../../../../../../../../../../../../../etc/passwd

directory traversal and get any (readable) file from the server.

Not the same vulnerability, but a vulnerability :)

Bye
 Gerardo

Special educational offers, white papers, webcasts, podcasts

WEBCAST: Register for “The Business Benefits of Enterprise Mashups” (Case Study)

WEBCAST: How to deploy and use WebSphere and VMware together” (Case Study)

WHITE PAPER: Writing Good Software Systems Development Use Cases. (Best Practices)

WHITE PAPER: Best practices for software analysis (Best Practices)

DOWNLOAD: Regis ter for Rational Trial Software Download – Rational Team Concert Free Information

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	Re: Simple PHP scanning .., Ulf Harnhammar
Next by Date:	Re: Simple PHP scanning .., Javier Fernández-Sanguino Peña
Previous by Thread:	Re: Simple PHP scanning .., Ulf Harnhammar
Next by Thread:	Re: Simple PHP scanning .., Ulf Harnhammar
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
yellowdog.gener... python.sqlalche... culture.studies... ietf.tsvwg/2002... java.mule.devel... netbsd.ports.dr... user-groups.lin... gnu.core-utils.... kde.users.multi... qnx.openqnx.dev... systems.archos.... text.xml.xtm.tm... mail.qpsmtpd/20... audio.csound.de... linux.jpackage.... freebsd.chat/20... drivers.eepro10... org.user-groups... xfree86.newbie/... hardware.microc... editors.tex.tex... voip.wengophone... web.eprints.dev... boot-loaders.gr...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo