[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PHP filesystem attack vectors

try combination with ..\

\ is accepted in many linux distr.

Some time ago, was possible bypass safe_mode.

like include "..\..\..\..\..\..\../../../../../etc/passwd"

We do not guarantee that it still works.

Best Regards,
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib) <cxib@xxxxxxxxxxxxxxxxxx>
sub   4096g/0889FA9A 2008-08-22