This repository has been archived by the owner on Sep 28, 2023. It is now read-only.

Vulnerability : file inclusion on "extra options" #20

Open

GoogleCodeExporter opened this issue Mar 31, 2015 · 1 comment

Labels

auto-migrated Priority-High Security Type-Defect

GoogleCodeExporter commented Mar 31, 2015

format = crypt / des
extraoption = /etc/shadow
*AND*
php is root (should NOT happen)
=> possible to crack local hashs

possible fixs :
- blacklist /etc/shadow (but BL is generally bad idea)
- force startswith '-'
- other ideas welcome

This might concern other files that contain hashs

Original issue reported on code.google.com by christian.kungler on 12 Jun 2013 at 2:28

The text was updated successfully, but these errors were encountered:

GoogleCodeExporter added auto-migrated Type-Defect Priority-High Security labels

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.