Edit report at https://bugs.php.net/bug.php?id=67036&edit=1
ID: 67036 Updated by: [email protected] Reported by: ghulianisikh at gmail dot com Summary: Local File Inclusion Vulnerability on php.net -Status: Open +Status: Not a bug -Type: Security +Type: Bug Package: Website problem PHP Version: Irrelevant Block user comment: N Private report: Y New Comment: Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php PHP website sources are public. Previous Comments: ------------------------------------------------------------------------ [2014-04-06 15:56:47] ghulianisikh at gmail dot com Description: ------------ Hey, While pentesting http://php.net/ , i found a critical LFI (Local File Inclusion) Vulnerability . This vulnerability leads to disclose source code of any php file on the server. Following are the details: This is the url that is vulnerable to LFI . Fow example: http://in3.php.net/cached.php?f=index.php http://in3.php.net/cached.php?f=downloads.php I was also able to grab source of pear directory index page. http://in3.php.net/cached.php?f=pear/index.php [Right Click -> View Source] Please let me know if you need any help with reproduction of bug. Thank You ! ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=67036&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
