[Full-Disclosure] Re: PHP and curl open_basedir still bypassable

VeNoMouS Tue, 21 Dec 2004 02:06:33 -0800

I got anonyed that the dev php response to this was curl's issue and to turn off curl local file access so here is a hax work around i wrote maybe they will get off there arses and submit something like this in the next release.

in ext/curl/curl.c, add the following to the function "PHP_FUNCTION(curl_init)".

char *newurl;

newurl=estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));

if(strncmp(newurl,file://,7)==0)

{

memmove(newurl,newurl+7,strlen(newurl)-7);

newurl[strlen(newurl)-7+1]='\0';

if (php_check_open_basedir(newurl TSRMLS_CC))

{

RETURN_FALSE;

}

----- Original Message -----

From: VeNoMouS

To: [EMAIL PROTECTED]

Sent: Monday, December 20, 2004 10:19 AM

Subject: PHP and curl open_basedir still bypassable

As posted in http://www.securitytracker.com/alerts/2004/Oct/1011984.html

the open_basedir bypass still exists in the php 4.3.10 and curl-7.12.2, anyone seen a patch or anything to get solve this issue?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Re: PHP and curl open_basedir still bypassable

Reply via email to