ush.it - a beautiful place

PHP filesystem attack vectors

February 8, 2009 at 3:13 am - Filed under Hacks, Language EN - 6792 words, reading time ~22 minutes - Permalink - Comments

On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some time before that was a new attack vector for filesystem functions (fopen, (include|require)[_once]?, file_(put|get)_contents, etc) for the PHP language. It was a path normalization issue and I asked them to keep it "secret" [4], this was a good idea cause my analisys was mostly incomplete and erroneous but the idea was good and the bug was real and disposable.

Reed's Alert! Got something burning? Tell USH team.
THP USH Wisec DigitalBullets