[VIM] False: ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
str0ke
str0ke at milw0rm.com
Thu Apr 26 14:15:59 UTC 2007
On 4/26/07, George A. Theall <theall at tenablesecurity.com> wrote:
> On 04/26/07 09:41, str0ke wrote:
>
> > Tested with php5 + fedora works as well.
>
> Interesting behaviour... it seems to be something special about
> readfile() as replacing that with, say, include(), reports no such file
> / directory.
Yeppers.
Seems readfile doesn't care if local directories exist or not.
getcwd("/var/www/html", 4096) = 14
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/html/http", 0xbfb47c6c) = -1 ENOENT (No such file or
directory)
open("/etc/passwd", O_RDONLY) = 3
/str0ke
More information about the VIM
mailing list