 ID:               46804
 Updated by:       [EMAIL PROTECTED]
 Reported By:      deminy at deminy dot net
-Status:           Open
+Status:           Bogus
 Bug Type:         Filesystem function related
 Operating System: Ubuntu
 PHP Version:      5.2.8
 New Comment:

Unfortunately, obvious coding errors are not PHP bugs. Never ever trust any input without filtering it.


Previous Comments:
------------------------------------------------------------------------

[2008-12-09 08:25:13] deminy at deminy dot net

'allow_url_include' has nothing to do with the bug I mentioned. The bug was not introduced because of including a URL using include/require constructs.

------------------------------------------------------------------------

[2008-12-09 04:43:12] crrodriguez at opensuse dot org

There is extensive literature out there about this, please do your homework before opening bug reports.

ps: use allow_url_include=off to prevent this problem, which is fundamentally a problem in **your code**.

------------------------------------------------------------------------

[2008-12-09 00:57:54] deminy at deminy dot net

Description:
------------
One of my web hosts was hacked some time ago. After checking access_log and doing some research online, I think it was caused by a security bug in PHP, which may make some PHP open source programs vulnerable.

If a PHP program includes a file whose file name is based on user request data (e.g., "include($_REQUEST['lang'] . 'inc.php');"), and '/proc/self/environ' is (accidentally) readable by the Apache user on a Unix/Linux server, the server is probably vulnerable.

Posting the related HTTP access log and sample code here may be a threat to sites built on some PHP open source programs. Please send me an email to request details. Thanks.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=46804&edit=1
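
The filtering the closing comment asks for, applied to the include pattern quoted in the report. This is an added example, not code from the bug report or from PHP itself; resolve_lang_file(), the language codes, the directory layout and the sample request values are assumptions made for illustration.

```php
<?php
// Added example, not code from the bug report. resolve_lang_file(), the
// language codes and the directory layout are hypothetical.

// Pattern described in the report: the request value becomes part of the
// path handed to include, so the client picks the file PHP parses.
//   include($_REQUEST['lang'] . 'inc.php');

// Hardened form: the request value is only a lookup key into a fixed map.
function resolve_lang_file($requested, $baseDir)
{
    $allowed = array(               // code => file name inside $baseDir
        'en' => 'en.inc.php',
        'de' => 'de.inc.php',
    );
    // Unknown codes and non-string input (lang[]=x) fall back to the default.
    if (!is_string($requested) || !isset($allowed[$requested])) {
        $requested = 'en';
    }
    // Defense in depth: the resolved file must exist inside $baseDir.
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('language directory not found');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file missing or outside base dir');
    }
    return $path;
}

// Constructed demo: a throwaway language directory and sample request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
mkdir($dir);
foreach (array('en', 'de') as $code) {
    file_put_contents("$dir/$code.inc.php", "<?php \$greeting = '$code';");
}
$samples = array('de', 'xx', '/proc/self/environ', array('de'));
foreach ($samples as $value) {
    include resolve_lang_file($value, $dir);   // in the app: $_REQUEST['lang']
    $shown = is_string($value) ? $value : gettype($value);
    echo $shown, ' => ', $greeting, "\n";
}
array_map('unlink', glob("$dir/*"));           // remove the demo files
rmdir($dir);
```

Only the first sample selects a non-default file; every other value resolves to the default language file because the request data never reaches the path.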