432 matches found
PHP 5.2.12 / 5.3.1 symlink() open_basedir Bypass
This is exploit from Security Audit Lab - SecurityReason labs. Author : Maksymilian Arciemowicz Script for legal use only. PHP 5.2.12 5.3.1 symlink() open_basedir bypass More: SecurityReason '; if(empty($file)) exit; if(!is_writable(".")) die("not writable directory"); $level=0; for($as=0;$as<$fakedep;$as++...
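PHP posix_mkfifo() Function open_basedir Security Restriction Bypass Vulnerability
BUGTRAQ ID: 36554 CVE(CAN) ID: CVE-2009-3558 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. An error in PHP's posix_mkfifo function may allow open_basedir restrictions to be bypassed. The following is the vulnerable code segment from ext/posix/posix.c: PHP_FUNCTION(posix_mkfifo) { char *path; int path_len; long mode; int result; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sl", &path, &path_len, &mod...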
PHP 5.2.12/5.3.1 symlink() open_basedir bypass
Exploit for unknown platform in category local exploits ============================================== PHP 5.2.12/5.3.1 symlink() open_basedir bypass ============================================== Title: PHP 5.2.12/5.3.1 symlink() open_basedir bypass CVE-ID: OSVDB-ID: Author: Maksymilian Arciemowicz...
PHP 5.2.12/5.3.1 symlink() open_basedir bypass
No description provided by source. <?php /* PHP 5.2.12/5.3.1 symlink() open_basedir bypass by Maksymilian Arciemowicz http://securityreason.com/ cxib a.T securityreason d0t com CHUJWAMWMUZG */ $fakedir="cx"; $fakedep=16; $num=0; // offset of symlink.$num if(!empty($_GET['file'])) $file=$_GET['file']; else...
PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass
PHP 5.2.12/5.3.1 - symlink() open_basedir Bypass This is exploit from Security Audit Lab - SecurityReason labs. Author : Maksymilian Arciemowicz Script for legal use only. PHP 5.2.12 5.3.1 symlink() open_basedir bypass More: SecurityReason '; if(empty($file)) exit; if(!is_writable(".")) die("not writable...
PHP 5.2.12/5.3.1 - 'symlink()' open_basedir Bypass
This is exploit from Security Audit Lab - SecurityReason labs. Author : Maksymilian Arciemowicz Script for legal use only. PHP 5.2.12 5.3.1 symlink() open_basedir bypass More: SecurityReason '; if(empty($file)) exit; if(!is_writable(".")) die("not writable directory"); $level=0; for($as=0;$as<$fakedep;$as++...
PHP 5.2.x < 5.2.12 Multiple Vulnerabilities
Binary data 801091.prm...
FreeBSD : php -- multiple vulnerabilities (39a25a63-eb5c-11de-b650-00215c6a37bb)
PHP developers reports : This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12 : - Fixed a safe_mode bypass in...
PHP < 5.2.12 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 5.2.12. Such versions may be affected by several security issues : - It is possible to bypass the 'safe_mode' configuration setting using 'tempnam'. (CVE-2009-3557) - It is possible to bypass the 'open_basedir'...
php -- multiple vulnerabilities
PHP developers reports: This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safe_mode bypass in...
PHP open_basedir Permission Check Bypass Vulnerability
No description provided by source...
PHP 5.3.1 open_basedir bypass
hi, in php 5.3.1 security changelog, we can read, that safe_mode bypass in tempnam has been already fixed. But safe_mode in 5.3 line is deprecated. We can understand security fix for open_basedir bypass, but not for safe_mode in 5.3. Annoying is the fact, that exploit for bypass open_basedir or safemo...
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure Credit/Author: Maksymilian Arciemowicz from SecurityReason Vulnerable: PHP PHP 5.3 PHP PHP 5.2.10 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k...
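PHP tempname() Function safe_mode Security Restriction Bypass Vulnerability
BUGTRAQ ID: 36555 CVE ID: CVE-2009-3557 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. An error in PHP's tempnam may allow safe_mode restrictions to be bypassed. The following is the vulnerable code segment from ext/standard/file.c: PHP_FUNCTION(tempnam) { char *dir, *prefix; int dir_len, prefix_len; size_t p_len; char *opened_path; char *p; int fd; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss"...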
PHP 5.3.x < 5.3.1 Multiple Vulnerabilities
Binary data 5242.prm...
Design/Logic Flaw
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...
CVE-2009-3558
CVE-2009-3558 affects PHP versions before 5.2.12 and 5.3.x before 5.3.1. The posix_mkfifo function in ext/posix/posix.c allows context-dependent attackers to bypass open_basedir restrictions and create FIFO files by manipulating the pathname and mode arguments (demonstrated by creating a .h...
CVE-2009-3558
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file...