[VIM] Fake - readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4

str0ke str0ke at milw0rm.com
Sat Mar 31 13:36:44 UTC 2007


Got ya brotha.  Removing the exploit #id.

/str0ke

On 3/31/07, GM darkfig <gmdarkfig at gmail.com> wrote:
> The readfile() vulnerability doesn't exists. For example, the poc:
> <?php $file=""; readfile("<? echo \"cx\"; ?>", 3,"php://../../".$file); ?>
>
> Quote from php.net:
> int readfile ( string $filename [, bool $use_include_path [, resource
> $context]] )
>
> The first argument isn't a filename, the second is not a bool (true/false).
> The code quoted by the author is the code of the error_log function,
> not the readfile function. In his poc he just changed the function.
>
> Quote from SecurityReason:
> - --- 2. Exploit ---
> <?php
> $file=""; # FILENAME
> error_log("<? echo \"cx\"; ?>", 3,
> "php://../../".$file);
> ?>
>
> Quote from the fake:
> - --- 2. Exploit ---
> <?php
> $file=""; # FILENAME
> readfile("<? echo \"cx\"; ?>", 3,
> "php://../../".$file);
> ?>
>
> This will not work.
>


More information about the VIM mailing list