ID: 38008 Updated by: [EMAIL PROTECTED] Reported By: david dot hoskovec at atlas dot cz -Status: Open +Status: Bogus Bug Type: *Directory/Filesystem functions Operating System: Windows PHP Version: 5.1.4 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2006-07-05 01:33:39] judas dot iscariote at gmail dot com this is a well known security exploit possible with a lot of languages not only PHP. this is called "Null byte attack". BTW..this is not a bug in PHP, but in your scripts. ------------------------------------------------------------------------ [2006-07-04 20:03:37] david dot hoskovec at atlas dot cz Description: ------------ There is method, what allows to mask filename's ext - security issue in some file-upload scripts. Reproduce code: --------------- <? $filename = "test.php".Chr(0); if(substr($filename , -3)=="php") Die(); // no no, it won't die here ! $fp = FOpen($filename , "w"); FWrite($fp,"<? echo 'bug' ; ?>",4096); FClose($fp); include "test.php"; // THIS WILL PRINT 'bug' !!! (PHP version 5) ?> Expected result: ---------------- FOpen would validate string(attention on null-terminating char) before it uses it and call out a error. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=38008&edit=1
