CVE-2010-1130
CVE-2010-1130
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/33625unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/38708http://securityreason.com/achievement_securityalert/82http://securityreason.com/securityalert/7008http://securitytracker.com/id?1023661http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=loghttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?view=loghttp://www.php.net/ChangeLog-5.phphttp://www.php.net/releases/5_2_13.phphttp://www.vupen.com/english/advisories/2010/0479