[VIM] clarification of "VihorDesign" (not VihorDesing) issues
Mark J Cox
mjc at redhat.com
Mon Mar 27 04:36:28 EST 2006
> if ($page=="") $page="mainfile.php";
> ...
> $fd = fopen($page, "r");
> while (!feof($fd)) {
> echo fgets($fd, 10096);
> }
With PHP <5.0.0 I can't see a way you can get an fopen in PHP to run
arbitrary code with the default wrappers (unless you've previously defined
a new handler or perhaps installed a third-party stream wrapper). Now
with PHP 5.0.0 you might be able to use the default filter handler
"php://filter...." to write to a file and perhaps pick one which will
gets executed (I don't have PHP 5 handy to try it)
This is certainly more useful to an attacker to return arbitrary files
that the web server can read if safe_mode is off (page=/etc/passwd etc)
than XSS though.
Mark
--
Mark J Cox / Red Hat Security Response Team
More information about the VIM
mailing list