Tracker: Bugs
5
passthru() - ID: 1635977
Last Update: Tracker Item Submitted ( nobody )
A user is able to upload a php script, with code like:
<?php passthru('cat /etc/passwd'); ?>
If u click on that file in the left section (the explorer section), the php
script will be executed and the /etc/passwd will be showed in the right
section. So, a user is able to do all that stuff, which is the user
www-data able to do. He is also able to set the rights of specific files on
the server or other stuff.
greetz
gEuMa -aka- Stefan Heumader
15.01.2007
Nobody/Anonymous ( nobody ) - 2007-01-15 15:40
5
Open
None
Nobody/Anonymous
None
v1.0 (example)
Public
Comments
Log in to comment.
No follow-up comments have been posted.
Attached File
No Files Currently Attached
Change
No changes have been made to this artifact.
About SourceForge
Develop Software
Community
Copyright © 2009 Geeknet, Inc. All rights reserved. Terms of Use
