From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 4.0.1pl2
PHP Bug Type: Unknown/Other Function
Bug description: Require command reads /etc/passwd
Hello,
I have found a bug in PHP 4.01pl2 and maybe it exist in all other php versions too. A
php script can read all files on the system when the read flag for everyone is set for
that file. This code shows the problem:
<?
require('../../../../../../../etc/passwd');
?>
It is not a very serious bug but by reading local files a hacker might get important
information he (or she) could use to hack into the system.
Bye
Sebastian Wolfgarten
--
Edit Bug report at: http://bugs.php.net/?id=9353&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
