RE: PHP Directory Transversal

From: Ravish (ravish_at_xeonext.com)
Date: 03/10/05

  • Next message: AEHeald: "Terminal Services"
    To: "'Andres Molinetti'" <andymolinetti@hotmail.com>, <pen-test@securityfocus.com>
    Date: Thu, 10 Mar 2005 23:01:02 +0530
    
    

    Hello,

    This also depends upon the directory path where the script is being
    executed. You could try adjusting ../ according to the path of your
    script or can also try www.example.com/static.php?page=/etc/passwd

    Regards,
    Ravish
    http://www.xeonext.com

    -----Original Message-----
    From: Andres Molinetti [mailto:andymolinetti@hotmail.com]
    Sent: Thursday, March 10, 2005 7:52 PM
    To: pen-test@securityfocus.com
    Cc: webappsec@securityfocus.com
    Subject: PHP Directory Transversal

    Hi,

    Working on a Web app testing...I have found that the uses the
    so-vulnerable
    method of including files requested by php parameters:

    www.example.com/static.php?page=hello.htm
    (htm files are in /templates dir)

    A the page in the parameter is requested statically, I did a
    www.example.com/static.php?page=../static.php and I got that page source

    code.

    Therefore, I tried doing a
    www.example.com/static.php?page=../../../../../../etc/passwd
    but I get an error saying that file doesn't exist.

    I user the same source code in my server, and I could retrieve the
    file...what can be happening? I don't think it is under a chroot jail...

    I'm working with Apache 2.0.48 and PHP 4.3.4
    and the real server has Apache 2.0.52 an PHP 4.3.9....

    Thanks in advance,
    Andy

    _________________________________________________________________
    Descarga gratis la Barra de Herramientas de MSN
    http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//
    www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH


  • Next message: AEHeald: "Terminal Services"

    Relevant Pages