PHP Filesystem Attack Vectors @ Ush.it

Posted on July 28, 2009 in Research • Tagged with attack vector, filesystem, PHP • 7 min read

The Ush.it team published the second part of “PHP Filesystem Attack Vectors” paper. The original paper is available here and you can download it here.

PHP filesystem attack vectors - Take Two

 Name              PHP filesystem attack vectors - Take Two
 Systems Affected  PHP and PHP+Suhosin
 Vendor            http://www.php.net/
 Advisory          http://www_ush_it/team/ush/hack-phpfs/phpfs_mad_2.txt
 Authors           Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
                   Antonio "s4tan" Parata (s4tan AT ush DOT it)
                   Francesco "ascii" Ongaro (ascii AT ush DOT it)
                   Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
 Date              20090725

I)    Introduction
II)   PHP arbitrary Local File ...

Continue reading