#1 passthru()

[Anonymous]

A user is able to upload a php script, with code like:

<?php passthru('cat /etc/passwd'); ?>

If u click on that file in the left section (the explorer section), the php script will be executed and the /etc/passwd will be showed in the right section. So, a user is able to do all that stuff, which is the user www-data able to do. He is also able to set the rights of specific files on the server or other stuff.

greetz
gEuMa -aka- Stefan Heumader
15.01.2007