ID: 46804 Comment by: crrodriguez at opensuse dot org Reported By: deminy at deminy dot net Status: Open Bug Type: Filesystem function related Operating System: Ubuntu PHP Version: 5.2.8 New Comment:
There is extensive literature out there about this, please do your homework before opening bug reports. ps: use allow_url_include=off to prevent this problem, which is fundamentally a problem in **your code**. Previous Comments: ------------------------------------------------------------------------ [2008-12-09 00:57:54] deminy at deminy dot net Description: ------------ One of my web hosts was hacked some time ago. After checking access_log and made some research online, I think it was caused by a security bug in PHP, which may cause some PHP open source programs vulnerable. If a PHP program include a file whose file name is based on user request data (e.g., "include($_REQUEST['lang'] . 'inc.php';"), and '/proc/self/environ' is (accidentally) readable by Apache user on Unix/Linux server, the server is probably vulnerable. Posting related HTTP access log and sample code here may be a threaten to sites built on some PHP open source programs. Please send me an email to request details. Thanks. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=46804&edit=1
