lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <217ddf135d067efaa2a032f5dad4b227@mail.ankalagon.ru> Date: Wed, 12 Jan 2011 11:59:35 +0300 From: Владимир Воронцов <vladimir.vorontsov@...ec.ru> To: Full disclosure <full-disclosure@...ts.grok.org.uk> Subject: Oddities of PHP file access in Windows ®. Cheat-sheet [maybe 0day] Hello Full-Disclosure! Abstract Notorious web development language, PHP, is under constant watch of the hackers, security researchers and other persons who just love to tinker around some stuff. Numerous vulnerabilities and bugs of PHP interpreter regularly highlights bug-tracks, wakes up administrators and burdens the minds of web site owners. And we never can know what nifty tricks PHP interpreter had reserved for our next day. In this paper we will describe details about how PHP treats file names on Windows operating systems, regarding the presence of different fuzzy characters Original English article: http://onsec.ru/onsec.whitepaper-02.eng.pdf -- Best regards, Vladimir Vorontsov ONsec security expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists