[Owncloud] [URGENT] "movable apps" exploitation
Georg Ehrke
ownclouddev at georgswebsite.de
Mon May 7 11:32:13 UTC 2012
Could you define 'don't allow realpath()'?
Does realpath just return false / null or will it trigger a PHP Fatal function not found?
On 07.05.2012 at 13:30, Florian Hülsmann wrote:
> Thanks :) But there are several shared hosts that don't allow realpath() execution (for "security reasons" -.-), are we gonna support them..?
>
> Florian
>
> On 07.05.2012 at 13:25, Georg Ehrke wrote:
>> It's fixed (https://gitorious.org/owncloud/owncloud/commit/d032345191c57294d5723639f777692c85bd2b1a)
>> It seems like there have been ******* merge conflicts which caused this fail. (I actually fixed this earlier)
>> It should now return a 404.
>>
>> Cheers,
>> Georg
>>
>>
>> On 07.05.2012 at 13:12, Florian Hülsmann wrote:
>>
>>> /owncloud/?app=files&getfile=/../../data/bestfriend/files/hack.php
>>>
>>> I don't think I have to be more specific.
>>>
>>> Florian
>>>
>>> --
>>> Florian Hülsmann
>>> <fh at cbix.de>
>>> http://cbix.de
>>> _______________________________________________
>>> Owncloud mailing list
>>> Owncloud at kde.org
>>> https://mail.kde.org/mailman/listinfo/owncloud
>>
>
> --
> Florian Hülsmann
> <fh at cbix.de>
> http://cbix.de
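
The containment check this thread turns on, as an added example that is not part of the original messages and is not the code from the linked commit: resolve the requested file, confirm it stays under the app directory, and fall back to lexical normalisation on hosts where realpath() is disabled. The names `resolveInside`, `normalizePath` and `$baseDir` are hypothetical, and the sketch assumes a POSIX host and an absolute `$baseDir`.

```php
<?php
// Added example, not ownCloud code. Assumes POSIX paths and an absolute $baseDir.

/** Lexically collapse "." and ".." segments; used only when realpath() is unavailable. */
function normalizePath(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);          // climbing above "/" simply stays at "/"
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

/** Return the resolved path if $requested stays inside $baseDir, else null (caller answers 404). */
function resolveInside(string $baseDir, string $requested): ?string
{
    if (strpos($requested, "\0") !== false) {
        return null;                  // reject embedded NUL bytes outright
    }
    $candidate = $baseDir . '/' . $requested;

    // PHP 8+ throws an Error when a disabled function is called; older versions
    // emit a warning and return NULL. Check both ways before calling it.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (function_exists('realpath') && !in_array('realpath', $disabled, true)) {
        $base = realpath($baseDir);
        $full = realpath($candidate); // false when the target does not exist
    } else {
        // Fallback does not resolve symlinks, so it is weaker than realpath().
        $base = normalizePath($baseDir);
        $full = is_file($candidate) ? normalizePath($candidate) : false;
    }
    if (!is_string($base) || !is_string($full)) {
        return null;
    }
    // Trailing separator so that /srv/apps-other does not pass as /srv/apps.
    $prefix = rtrim($base, '/') . '/';
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}
```

With the `getfile` value quoted in the thread, both branches resolve to a path outside `$baseDir` and the function returns null, which the caller maps to the 404 response.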