cPanel Safe Mode Bypass [ extract tar.gz with cPanel ]
Hello everybody, after an insufferable week that I've been complaining about, I'm here to update the blog. I've recently been occupied with penetration tests on some web applications, and these days I've frequently seen several bypasses for PHP. It struck me that the vulnerabilities are coming out faster than I thought they would; see the change log of PHP 5.2.12:
# Fixed a safe_mode bypass in tempnam()
# Fixed a open_basedir bypass in posix_mkfifo()
By the way, to quote the PHP team:
All users of PHP 5.2 are encouraged to upgrade to this release
However, the story doesn't end here: there is already a new bypass in the latest versions, the PHP 5.2.12/5.3.1 symlink() open_basedir bypass!
Meanwhile, two days ago, a new bug was found in cPanel which allows somebody to bypass safe mode or reach any otherwise impermissible file.
The link for this security hole:
http://securityreason.com/exploitalert/7740
If you take a look, you'll realize that it's quite a cryptic text (because of the author's poor English, the explanation isn't particularly clear).
According to the article at securityreason.com, these two commands have to be executed first:
ln -s /etc/passwd t.txt
tar -zcf red.tar.gz t.txt
Note that it makes no difference where the commands are executed; we only need the gz file containing t.txt, which is linked to the file we aim to read, in this case the passwd file.
For this article the passwd file is assumed to be inaccessible to any owner from a shell script, so after creating the file mentioned above, we have to obtain the cPanel password of any user located on the server. I'm not going to go into that subject and will assume that access is granted!
All that has to be done is log in to cPanel with the valid credentials you've obtained, upload red.tar.gz and extract it with cPanel; when you open t.txt you will see the passwd file loaded there!
I recorded a tutorial clip to make the concept clearer, which loads here. I hope you find it useful, be safe!





Just want to say what a great blog you got here!
I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!
Thumbs up, and keep it going!
Cheers