RE: PHP Directory Transversal

From: Ravish (
Date: 03/10/05

  • Next message: AEHeald: "Terminal Services"
    To: "'Andres Molinetti'" <>, <>
    Date: Thu, 10 Mar 2005 23:01:02 +0530


    This also depends upon the directory path where the script is being
    executed. You could try adjusting ../ according to the path of your
    script or can also try


    -----Original Message-----
    From: Andres Molinetti []
    Sent: Thursday, March 10, 2005 7:52 PM
    Subject: PHP Directory Transversal


    Working on a Web app testing...I have found that the uses the
    method of including files requested by php parameters:
    (htm files are in /templates dir)

    A the page in the parameter is requested statically, I did a and I got that page source


    Therefore, I tried doing a
    but I get an error saying that file doesn't exist.

    I user the same source code in my server, and I could retrieve the
    file...what can be happening? I don't think it is under a chroot jail...

    I'm working with Apache 2.0.48 and PHP 4.3.4
    and the real server has Apache 2.0.52 an PHP 4.3.9....

    Thanks in advance,

    Descarga gratis la Barra de Herramientas de MSN

  • Next message: AEHeald: "Terminal Services"