Quote:
Originally Posted by DJMaze
index.php?page=/usr/etc/passwd%00
This would run as: include("/usr/etc/passwd%00.php");
The issue here is that %00 is NULL aka \0 and a string in C always ends with a \0.
So in this case it opens '/usr/etc/passwd' and the '.php' is not processed.
This would require either read access to /etc/passwd by apache/whatever daemon, or fscked up permission flags on /etc/passwd.
Usually you would only allow read access to the directory which your domain is hosted in, thus avoiding inclusion from below web-root.
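The two posts above, as an added example that is not part of the original thread: one way to resolve the `page` parameter so that a NUL byte or a path outside the pages directory never reaches `include`. The names `PAGES_DIR`, `ALLOWED_PAGES` and `resolve_page` are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable files live in ./pages next to this script.
const PAGES_DIR = __DIR__ . '/pages';
// Hypothetical allowlist of page names the site actually serves.
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Map a user-supplied page name to a file that is safe to include,
 * or return null if the request must be refused.
 */
function resolve_page(string $page): ?string
{
    // 1. A NUL byte has no place in a page name; refuse it instead of
    //    letting a C-level file API truncate the path at "\0".
    if (strpos($page, "\0") !== false) {
        return null;
    }
    // 2. Only names on the allowlist are ever turned into a path.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    // 3. Defence in depth: canonicalise and confirm the result is still
    //    inside PAGES_DIR (the application-level counterpart of limiting
    //    the daemon's read access to the hosted directory).
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $page . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the pages directory (e.g. via symlink)
    }
    return $path;
}

// Constructed sample inputs, including the request quoted in the thread
// after URL decoding (%00 becomes "\0").
$samples = ['home', "/usr/etc/passwd\0", '../../etc/passwd', 'nosuchpage'];
foreach ($samples as $input) {
    $file = resolve_page($input);
    printf("%-24s => %s\n", json_encode($input),
        $file === null ? 'rejected' : 'include ' . $file);
}
```

The allowlist alone already refuses the quoted request; the NUL check and the `realpath` containment test stay in place so the function remains safe if the allowlist is later replaced by a looser rule.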