ID: 9353 Updated by: sas Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Closed Bug Type: Unknown/Other Function Assigned To: Comments: Please check out the security section of the manual, especially regarding the safe mode feature. Previous Comments: --------------------------------------------------------------------------- [2001-02-20 09:26:23] [EMAIL PROTECTED] Hello, I have found a bug in PHP 4.01pl2 and maybe it exist in all other php versions too. A php script can read all files on the system when the read flag for everyone is set for that file. This code shows the problem: <? require('../../../../../../../etc/passwd'); ?> It is not a very serious bug but by reading local files a hacker might get important information he (or she) could use to hack into the system. Bye Sebastian Wolfgarten --------------------------------------------------------------------------- ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=9353&edit=2 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]