- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24985
- Проверка EDB
-
- Пройдено
- Автор
- DANIEL FABIAN
- Тип уязвимости
- REMOTE
- Платформа
- PHP
- CVE
- cve-2004-1020
- Дата публикации
- 2004-12-16
PHP 4/5 - 'addslashes()' Null Byte Bypass
Код:
source: https://www.securityfocus.com/bid/11981/info
PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issue result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations.
It is reported that these vulnerabilities may only be exploited on Windows.
http://www.example.com/phpscript.php?whatever=../../../../boot.ini%00
http://www.example.com/phpscript.php?whatever=..\'file.ext- Источник
- www.exploit-db.com
