CVE-2010-1130

PHP <5.2.13, 5.3.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1130. PoCs published by Grzegorz Stachowiak.

AI-analyzed exploit summary: This exploit bypasses PHP's safe_mode restrictions by manipulating the session_save_path to write session files to arbitrary directories. It leverages path traversal to escape intended directory constraints in shared hosting environments.

Description

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

Exploits (1)

exploitdb WORKING POC VERIFIED
by Grzegorz Stachowiak · phpdosphp
https://www.exploit-db.com/exploits/33625

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PHP (versions with safe_mode enabled)
No auth needed
Prerequisites: PHP safe_mode enabled · Shared hosting environment with multiple users
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0479
Patch x_refsource_confirm
http://www.php.net/releases/5_2_13.php
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38708
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023661
Third Party Advisory third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/82
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/7008

Scores

EPSS 0.0930
EPSS Percentile 94.7%

Details

CWE: CWE-264
Status: published
Products (28)
php/php 5.0.0 (8 CPE variants)
php/php 5.0.1
php/php 5.0.2
php/php 5.0.3
php/php 5.0.4
php/php 5.0.5
php/php 5.1.0
php/php 5.1.1
php/php 5.1.2
php/php 5.1.3
... and 18 more
Published Mar 26, 2010
Tracked Since Feb 18, 2026