sorry..
miss look for "./" prefix in file_exists call. so it will not work after
all.. :-)
On Tue, 31 Oct 2006 18:24:56 +0800, pokley <[EMAIL PROTECTED]>
wrote:
In PHP 5.x file_exists function have support for Protocols/Wrappers .
So setting $chemin to ftp://blablabla
In PHP 5.x file_exists function have support for Protocols/Wrappers .
So setting $chemin to ftp://blablablab.com/ will work in this case
On Tue, 31 Oct 2006 05:18:58 +0800, Tamriel <[EMAIL PROTECTED]> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I would quote the whole code arround t
while doing some work using php, i found something interesting which
possibbly can be use to exploit this kind of bug. Instead of injecting
carriage return chr(0x13) you can also inject php terminate code( ?> ) to
stop one line comment (// or #) in php (tested on 5.1.4 on windows).
ex:
O
SCAN Associates Sdn Bhd Security Advisory
Product: Cobalt Qube 3 (Cobalt Linux release 6.0 (Carmel)Kernel 2.2.16C7 on
an i586)
Date: 23rd July 2002
Summary: By pass login
Author: pokleyzz <[EMAIL PROTECTED]>, sk <[EMAIL PROTECTED]>,
shaharil <[EMAIL PROTECTED]>
Description
===
Fir
