PHP Directory Transversal

• Previous message: Michel Arboi: "Re: Avoiding Postfix Fingerprinting"
• Next in thread: Felikz: "Re: PHP Directory Transversal"
• Reply: Felikz: "Re: PHP Directory Transversal"
• Reply: David M. Zendzian: "Re: PHP Directory Transversal"
• Reply: Cedric Foll: "Re: PHP Directory Transversal"
• Reply: Ravish: "RE: PHP Directory Transversal"
• Reply: John GALLET: "Re: PHP Directory Transversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Thu, 10 Mar 2005 14:22:29 +0000

Hi,

Working on a Web app testing...I have found that the uses the so-vulnerable
method of including files requested by php parameters:

www.example.com/static.php?page=hello.htm
(htm files are in /templates dir)

A the page in the parameter is requested statically, I did a
www.example.com/static.php?page=../static.php and I got that page source
code.

Therefore, I tried doing a
www.example.com/static.php?page=../../../../../../etc/passwd
but I get an error saying that file doesn't exist.

I user the same source code in my server, and I could retrieve the
file...what can be happening? I don't think it is under a chroot jail...

I'm working with Apache 2.0.48 and PHP 4.3.4
and the real server has Apache 2.0.52 an PHP 4.3.9....

Thanks in advance,
Andy

_________________________________________________________________
Descarga gratis la Barra de Herramientas de MSN
http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH

• Previous message: Michel Arboi: "Re: Avoiding Postfix Fingerprinting"
• Next in thread: Felikz: "Re: PHP Directory Transversal"
• Reply: Felikz: "Re: PHP Directory Transversal"
• Reply: David M. Zendzian: "Re: PHP Directory Transversal"
• Reply: Cedric Foll: "Re: PHP Directory Transversal"
• Reply: Ravish: "RE: PHP Directory Transversal"
• Reply: John GALLET: "Re: PHP Directory Transversal"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Help with php5 install under windows ... This includes moving php from the ... Enable the PHP scripting language engine under Apache. ... or per-virtualhost web server configuration file. ... The PHP directives register_globals, ... (php.general) RE: Virtual hosts and PHP "downloads": php5 and apache22 on FreeBSD6.1-STABLE ... Apache web server. ... Subject: Virtual hosts and PHP "downloads": php5 and apache22 on ... (freebsd-questions) Re: HELP: send binary replies back and forth ??? ... > My php application needs to do the following: ... > My PHP script loops through all records and sends each of them ONE BY ONE. ... > other than to be able to communicate with apache. ... All communication is binary because the connection used is pricy and ... (comp.lang.php) Re: PHP Tutorials ... >> In this tutorial we assume that your server has activated support for PHP ... install a web server locally (not just Apache). ... (comp.lang.php) Re: Virtual hosts and PHP "downloads": php5 and apache22 on FreeBSD6.1-STABLE ... Apache web server. ... Subject: Virtual hosts and PHP "downloads": php5 and apache22 on ... (freebsd-questions)