[VIM] clarification of "VihorDesign" (not VihorDesing) issues

Mark J Cox mjc at redhat.com
Mon Mar 27 04:36:28 EST 2006

>  if ($page=="") $page="mainfile.php";
>  ...
>  $fd = fopen($page, "r");
>  while (!feof($fd)) {
>  echo fgets($fd, 10096);
>  }

With PHP <5.0.0 I can't see a way you can get an fopen in PHP to run 
arbitrary code with the default wrappers (unless you've previously defined 
a new handler or perhaps installed a third-party stream wrapper).  Now 
with PHP 5.0.0 you might be able to use the default filter handler 
"php://filter...." to write to a file and perhaps pick one which will 
gets executed (I don't have PHP 5 handy to try it)

This is certainly more useful to an attacker to return arbitrary files 
that the web server can read if safe_mode is off (page=/etc/passwd etc) 
than XSS though.

Mark J Cox / Red Hat Security Response Team

More information about the VIM mailing list