 ID:               46831
 Updated by:       il...@php.net
 Reported By:      cmos_clr at hotmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Safe Mode/open_basedir
 Operating System: linux
 PHP Version:      5.2CVS-2008-12-11 (snap)
 New Comment:

Where is the security issue, you get an appropriate error about access
denied it would seem, no?


Previous Comments:
------------------------------------------------------------------------

[2008-12-11 04:36:18] cmos_clr at hotmail dot com

Description:
------------
::_::_::_::_::_::_::_::_::_::_::::_::_::_::_::_::_::_::_::_::_::::_::_::_::_::_::_::_::_::_::_::_::
::
::Found by : CmOs_CLR & hard_hakerz
::
::MAILS : cmos_...@hotmail.com & hard_hak...@hotmail.com
::
::SITE : wwW.SEC4EVER.coM
::
::-----------ABOUT Software:----------------
::
::VERSION : PHP 5.2.6
::
::Vendor : http://www.php.net
::
::------------------------------------------
::
::
::Responsible Functions : readdir() , realpath()
::
::WHERE IS THE PROBLEM ?
::
::IN SERVERS WITH SAFE MODE ON AND * getmyuid() * DISABLED WE CAN
::BYPASS THIS.
::
::FIRST THIS ERROR WILL RESULT : getmyuid() has been disabled for
::security reasons.
::
::FOR readdir() :
::
::
:: <?php
:: if ($handle = opendir('.')) {
::     while (false !== ($file = readdir($handle))) {
::         if ($file != "." && $file != "..") {
::             echo "$file\n";
::         }
::     }
::     closedir($handle);
:: }
:: ?>
::
::for realpath() :
::
::
:: <?php
:: echo realpath('/etc/passwd');
:: ?>
::
::THE RESULT IS :
:: The script whose *uid is 100* is not allowed to access /etc/passwd
::owned by uid 0 in
:: /home/*user*/domains/site.com/public_html/function.php on line xx
::
::NOTE : a lot of other functions can result in this error "getmyuid()
::bypass ". An attacker can take a lot of information from this
::error, like: is the safe mode activated from http.conf or php.ini? the
::user of a site, who? = user of ftp. This can simplify ftp brute
::forcing to only the case of the pass because the user is known ......etc
::this error is a getmyuid() bypass in disabled function .
::
::
::thanks+good luck
::
::
::


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=46831&edit=1
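
The disclosure described in the report can be checked for on one's own site by scanning rendered responses for the warning text. This is an added example, not code from the report or from PHP; the function names find_leaks and audit and the sample responses are hypothetical, and the pattern is built from the message wording and /home/<user>/ layout quoted in the report.

```python
import re

# Wording taken from the warning quoted in the report above.
SAFE_MODE_LEAK = re.compile(
    r"The script whose uid is (?P<script_uid>\d+) is not allowed to access "
    r"(?P<target>\S+) owned by uid (?P<owner_uid>\d+) in "
    r"(?P<script_path>\S+) on line (?P<line>\d+)"
)
HOME_USER = re.compile(r"^/home/(?P<user>[^/]+)/")  # layout shown in the report
TAGS = re.compile(r"<[^>]+>")


def find_leaks(body):
    """Return one dict per safe-mode warning found in a response body."""
    text = TAGS.sub("", body)         # PHP's HTML error output wraps parts in tags
    text = re.sub(r"\s+", " ", text)  # warnings may be broken across lines
    leaks = []
    for m in SAFE_MODE_LEAK.finditer(text):
        leak = m.groupdict()
        home = HOME_USER.match(leak["script_path"])
        # The account name doubles as the FTP login the report worries about.
        leak["account"] = home.group("user") if home else None
        leaks.append(leak)
    return leaks


def audit(responses):
    """Map URL -> leaks for every response that discloses a uid or path."""
    findings = {}
    for url, body in responses.items():
        hits = find_leaks(body)
        if hits:
            findings[url] = hits
    return findings


# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "/function.php": "<br />\n<b>Warning</b>: realpath(): SAFE MODE Restriction "
    "in effect. The script whose uid is 100 is not allowed to access /etc/passwd "
    "owned by uid 0 in <b>/home/exampleuser/domains/site.example/public_html/"
    "function.php</b> on line <b>3</b><br />",
    "/index.php": "<html><body>Hello</body></html>",
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE).items():
        for hit in hits:
            print(url, hit)
```

Any URL this reports is rendering PHP warnings to visitors; setting display_errors to Off and log_errors to On keeps the same message in the server log instead of the page.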