header-logo
Suggest Exploit
vendor:
PHP
by:
Not provided
5.5
CVSS
MEDIUM
Bypass vulnerability
264 (Permissions, Privileges, and Access Control)
CWE
Product Name: PHP
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested: Not provided
Not provided

PHP ‘safe_mode’ Restriction-Bypass Vulnerability

The vulnerability allows an attacker to bypass the 'safe_mode' restriction in PHP. By providing a specially crafted session_save_path parameter, an attacker can write session files in arbitrary directions.

Mitigation:

Apply the latest patches or updates provided by the vendor. Ensure that the 'safe_mode' feature is properly configured and tested in shared-hosting environments.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38182/info

PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other. 

{

session_save_path(";;/byp/;a/../../humhum");
session_start();

}

Navigation

Suggest Exploit

Services By CQR