[27482] in bugtraq
Re: phptonuke allows Remote File Retrieving
daemon@ATHENA.MIT.EDU (BlueRaven)
Thu Oct 17 18:24:55 2002
Date: Thu, 17 Oct 2002 09:35:52 +0200
From: BlueRaven <blueraven@libero.it>
To: bugtraq@securityfocus.com
Message-ID: <20021017073552.GB238@shaundakul.my.lan>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021016215010.17992.qmail@linuxmail.org>

On Thu, Oct 17, 2002 at 05:50:10AM +0800, Zero-X ScriptKiddy wrote:
> The file "phptonuke.php" from myphpnuke allows Remote File Retrieving.
>
> Exploit Example:
> http://website.com/phptonuke.php?filnavn=/etc/passwd

This is not really a specific vulnerability in the application, but a more
general PHP feature: by default, it is possible to open any world-readable
file.

You can override this by using the open_basedir setting in php.ini and
restricting file operations to a specified subset of paths.

--
BlueRaven
There are only 10 types of people in this world...
those who understand binary, and those who don't.
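
Added example, not part of the original message and not myPHPNuke code: a PHP script can confine a request parameter such as `filnavn` to one content directory itself, with `open_basedir` as the server-side backstop. The function `resolve_contained()`, the temporary content directory and the sample request values are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not myPHPNuke code. resolve_contained() and the content
// directory are hypothetical; only the "filnavn" parameter is from the report.

// Server-side backstop, set in php.ini (path is an assumed docroot):
//   open_basedir = /var/www/site/

function resolve_contained(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Treat the request as relative to the base even if it starts with "/",
    // then let realpath() collapse "..", "." and symlinks.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against the base plus a separator so "content-old" cannot
    // pass as a child of "content".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo data: a throwaway content directory with one page in it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'content_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'news.txt', "hello\n");

// Constructed request values standing in for $_GET['filnavn'].
foreach (['news.txt', '/etc/passwd', '../../../../etc/passwd', 'missing.txt'] as $filnavn) {
    $path = resolve_contained($filnavn, $base);
    printf("%-26s %s\n", $filnavn, $path === null ? 'rejected' : 'served');
}

// open_basedir can also be tightened at runtime; afterwards PHP itself refuses
// file operations outside the directory, whatever the script's own checks do.
ini_set('open_basedir', $base);
var_dump(@file_get_contents('/etc/passwd'));
```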