Just another PHP LFI exploitation method
This article describes a method of exploiting a Local File Inclusion vulnerability in a .php script. It does not describe any vulnerability in the PHP engine itself, nor does it describe any new vulnerability class.
- this method works like a charm on Windows (http://site/?page=C:\Windows\Temp\php<<)
- trick with << in FindFirstFile ftw!
- this method works in some very specific cases on Linux-based OSes (and doesn't work in other cases)
- GetTempFileName in WinAPI is surprisingly weak
- but mkstemp from the GNU C library is surprisingly strong
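
To spot the Windows variant above in web server logs, this added example (not part of the original article) flags requests whose include parameter carries Windows wildcard characters or an absolute Windows path, including double-encoded forms. The parameter name `page` is taken from the URL above; the log format and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: parameters that feed include()/require(); "page" is from the article's URL.
INCLUDE_PARAMS = {"page"}
# Characters that Windows file lookups (FindFirstFile) treat as wildcards.
# The article shows only "<<"; none of these belongs in a legitimate page name.
WILDCARDS = set('<>"*?')
# Absolute Windows path (drive letter or UNC) where a page name is expected.
ABS_WIN_PATH = re.compile(r'^(?:[A-Za-z]:[\\/]|\\\\)')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value, reasons)] for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name not in INCLUDE_PARAMS:
            continue
        value = fully_decode(value)  # parse_qsl already decoded one layer
        reasons = []
        if WILDCARDS & set(value):
            reasons.append("wildcard")
        if ABS_WIN_PATH.match(value):
            reasons.append("absolute-path")
        if reasons:
            findings.append((name, value, reasons))
    return findings

# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?page=C:%5CWindows%5CTemp%5Cphp%3C%3C HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?page=C:%255CWindows%255CTemp%255Cphp%253C%253C HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    print([hit for line in SAMPLE_LOG for hit in suspicious_params(line)])
```

A page name that needs a drive letter or a `<` is not a page name, so the same two checks also work as input validation in front of the include, ideally alongside a fixed allow-list of page names.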