RE: PHP Directory Transversal
From: Ravish (ravish_at_xeonext.com)
To: "'Andres Molinetti'" <firstname.lastname@example.org>, <email@example.com>
Date: Thu, 10 Mar 2005 23:01:02 +0530
This also depends upon the directory path where the script is being
executed. You could try adjusting ../ according to the path of your
script or can also try www.example.com/static.php?page=/etc/passwd
From: Andres Molinetti [mailto:firstname.lastname@example.org]
Sent: Thursday, March 10, 2005 7:52 PM
Subject: PHP Directory Transversal
Working on a Web app testing...I have found that the uses the
method of including files requested by php parameters:
(htm files are in /templates dir)
As the page in the parameter is requested statically, I did a
www.example.com/static.php?page=../static.php and I got that page source
Therefore, I tried doing a
but I get an error saying that file doesn't exist.
I used the same source code in my server, and I could retrieve the
file...what can be happening? I don't think it is under a chroot jail...
I'm working with Apache 2.0.48 and PHP 4.3.4
and the real server has Apache 2.0.52 and PHP 4.3.9....
Thanks in advance,
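The defensive counterpart to the behaviour discussed in this thread, as an added example that is not code from either poster: a loader that resolves the requested `page` value against the templates directory and serves it only if the resolved path is still inside that directory. The function name `resolve_template`, the demo directory layout and `about.htm` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. resolve_template() and the
// directory layout are assumptions; only the "page" parameter, the .htm
// templates and the /templates directory come from the original post.

function resolve_template(string $templateDir, string $page): ?string
{
    $base = realpath($templateDir);
    if ($base === false || $page === '' || strpos($page, "\0") !== false) {
        return null;
    }
    // realpath() collapses every ../ and follows symlinks, so the result is
    // the file that would really be opened. It returns false when the path
    // does not exist, which is the "file doesn't exist" case from the post.
    $target = realpath($base . DIRECTORY_SEPARATOR . $page);
    if ($target === false) {
        return null;
    }
    // Containment check: the resolved file must still sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only static templates are eligible.
    if (strtolower(pathinfo($target, PATHINFO_EXTENSION)) !== 'htm') {
        return null;
    }
    return $target;
}

// Constructed demo tree: <tmp>/static.php and <tmp>/templates/about.htm
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/about.htm', "<p>about</p>\n");
file_put_contents($root . '/static.php', "<?php // loader source\n");

// 'about.htm' is a legitimate template name; the other two values are the
// requests quoted in the thread.
foreach (['about.htm', '../static.php', '/etc/passwd'] as $page) {
    $file = resolve_template($root . '/templates', $page);
    printf("page=%-14s %s\n", $page, $file === null ? 'rejected (404)' : 'served');
    // A real handler would call readfile($file) here, never include $file,
    // so that template content is sent as data and not executed as PHP.
}

unlink($root . '/templates/about.htm');
unlink($root . '/static.php');
rmdir($root . '/templates');
rmdir($root);
```

Because the check runs on the path after resolution, it holds regardless of how deep the script sits in the filesystem, which is the variable the reply above points to.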