<<< Date Index >>>     <<< Thread Index >>>

Re: PHP filesystem attack vectors



try combination with ..\

\ is accepted in many linux distr.

        
Some time ago, was possible bypass safe_mode.

like include "..\..\..\..\..\..\../../../../../etc/passwd"

We do not guarantee that it still works.

-- 
Best Regards,
------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib) <cxib@xxxxxxxxxxxxxxxxxx>
sub   4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg