PHP 4/5 addslashes NULL Byte Bypass

ID EDB-ID:24985
Type exploitdb
Reporter Daniel Fabian
Modified 2004-12-16T00:00:00


PHP 4/5 addslashes() NULL Byte Bypass. CVE-2004-1020. Remote exploit for php platform


PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issue result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations.

It is reported that these vulnerabilities may only be exploited on Windows.\'file.ext