ID: 9353
Updated by: sas
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: Unknown/Other Function
Assigned To:
Comments:
Please check out the security section of the manual,
especially regarding the safe mode feature.
Previous Comments:
---------------------------------------------------------------------------
[2001-02-20 09:26:23] [EMAIL PROTECTED]
Hello,
I have found a bug in PHP 4.01pl2 and maybe it exist in all other php versions too. A
php script can read all files on the system when the read flag for everyone is set for
that file. This code shows the problem:
<?
require('../../../../../../../etc/passwd');
?>
It is not a very serious bug but by reading local files a hacker might get important
information he (or she) could use to hack into the system.
Bye
Sebastian Wolfgarten
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9353&edit=2
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
