ID:               30609
Updated by:       [EMAIL PROTECTED]
Reported By:      guillaume dot maes at celeonet dot fr
Status:           Wont fix
Bug Type:         cURL related
Operating System: Linux
PHP Version:      4.3.9
New Comment:

http://www.php.net/~jani/patches/bug30609.patch


Previous Comments:
------------------------------------------------------------------------

[2004-11-01 07:56:01] [EMAIL PROTECTED]

Yes, you need to configure/install curl not to allow access to the
local filesystem. It has a nice configure option for that when you are
installing it.

------------------------------------------------------------------------

[2004-11-01 05:14:24] say at no dot to dot spam

Any solution to this, other than disabling curl?

------------------------------------------------------------------------

[2004-10-29 10:43:45] [EMAIL PROTECTED]

Sorry, this one should be open =)
I do think it should be fixed and no, this is not a cURL problem.

------------------------------------------------------------------------

[2004-10-29 10:21:17] guillaume dot maes at celeonet dot fr

Description:
------------
PHP cURL functions bypass open_basedir protection, so users can
navigate through the filesystem.

For example, setting "open_basedir" in php.ini to "/var/www/html",
anybody can retrieve "/etc/parla" using cURL functions.

This vulnerability was discovered on Wednesday:
http://www.securitytrap.com/mail/bugtraq/2004/Oct/0287.html

Reproduce code:
---------------
<?php
$ch = curl_init("file:///etc/parla");
$file=curl_exec($ch);
echo $file
?>

Expected result:
----------------
The execution of the file /etc/parla is not allowed because the value
of the open_basedir restriction is /var/www/html.

Actual result:
--------------
The file /etc/parla is executed.

If /etc/parla contains:

<body><html>
Test of vulnerability
</html></body>

The execution of this code with cURL functions shows the message.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=30609&edit=1
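
Added example, not part of the bug report and not the linked patch: a userland PHP sketch of the check the reporter expected, deciding whether a file:// URL handed to cURL points outside the directories in an open_basedir value. The helper name file_url_allowed() is hypothetical, the sample URLs are constructed, and the code assumes Unix paths and directory-name (not string-prefix) matching.

```php
<?php
// Added example: not the linked patch and not PHP's internal check.
// file_url_allowed() is a hypothetical helper. Assumes Unix paths and treats
// each open_basedir entry as a directory name, not a string prefix.
function file_url_allowed($url, $openBasedir)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])
        || strtolower($parts['scheme']) !== 'file') {
        return true;  // not a file:// URL, outside the scope of this check
    }
    if ($openBasedir === '') {
        return true;  // no restriction configured
    }
    // Decode %XX escapes so file:///etc/%70arla is compared as /etc/parla.
    $path = rawurldecode(isset($parts['path']) ? $parts['path'] : '');
    // Collapse "." and ".." lexically. Symlinks are not resolved here.
    $stack = array();
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($stack);
            continue;
        }
        $stack[] = $seg;
    }
    $path = '/' . implode('/', $stack);
    // Skip empty entries so a stray separator does not allow everything.
    foreach (array_filter(explode(PATH_SEPARATOR, $openBasedir), 'strlen') as $dir) {
        $dir = rtrim($dir, '/');
        // Directory match: /var/www/html2 is outside /var/www/html.
        if ($path === $dir || strpos($path, $dir . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs, checked against the report's open_basedir value.
$samples = array(
    'http://example.com/', 'file:///var/www/html/index.php', 'file:///etc/parla',
    'FILE:///etc/%70arla', 'file:///var/www/html/../../../etc/parla', 'file:///var/www/html2/x',
);
foreach ($samples as $u) {
    printf("%-5s %s\n", file_url_allowed($u, '/var/www/html') ? 'allow' : 'deny', $u);
}
```

A check like this in application code does not constrain a script author who calls curl_init() directly, which is the shared-hosting case the report describes; there the restriction has to live in PHP itself or in how libcurl is built.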