PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_param' Arbitrary File Creation

EDB-ID:

27334

CVE:

2006-1015

EDB Verified:

Author:

ced.clerget@free.fr

Type:

local

Exploit: /

Platform:

PHP

Date:

2006-02-28

Vulnerable App:

source: https://www.securityfocus.com/bid/16878/info

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions.

$additional_param = "-C ".$file_to_read." -X ".getcwd()."/".$output_file;

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services