Saturday, February 17, 2007

Update to my previous post :)

Possibility to fetch files such as /etc/passwd'06___Vicente.pdf => Example

Click on the above link to see "Function.fopen"

When it lists out "fopen(/hsphere/local/home/flconf/\'06___Vicente.pdf"

What amount of time will it take for an attacker, to manipulate this function and retrieve critical files as /etc/passwd or /etc/shadow

With this kind of information in hand, the extent of damage that can be done is "maximum"

Documentation for Function.fopen from PHP Website.

Full-Disclosure - We believe in it.

Cheers :)

No comments: