Oddities of PHP file access in Windows

Nytro · March 25, 2011

Oddities of PHP file access in Windows

Abstract

Notorious web development language, PHP, is under constant watch of the hackers, security

researchers and other persons who just love to tinker around some stuff. Numerous vulnerabilities and

bugs of PHP interpreter regularly highlights bug-tracks, wakes up administrators and burdens the minds

of web site owners. And we never can know what nifty tricks PHP interpreter had reserved for our next

day. In this paper we will describe details about how PHP treats file names on Windows operating

systems, regarding the presence of different fuzzy characters.

Contents
1. The prologue of current research...........................................................................................................4
2. Investigating our fuzzing results............................................................................................................5
3. Collecting together all the known tricks to access files in Windows.....................................................9
4. More exploitation variations................................................................................................................13
5. Conclusion..........................................................................................................................................14
6. References...........................................................................................................................................15

Download:

http://onsec.ru/onsec.whitepaper-02.eng.pdf

Sign In

Oddities of PHP file access in Windows

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages