An attacker forces the server to read sensitive local files, such as /etc/passwd on Linux systems, by using directory traversal: ://vulnerable-site.com The Impact
grep -r "<?php" /var/lib/php/sessions/ | grep -v "serialized" vdesk hangupphp3 exploit
If PHP3’s magic quotes were off, this would read system files. But the real goal was RCE. An attacker forces the server to read sensitive