Re: move_uploaded_file breaks safe_mode restrictions in PHP

From: Jedi/Sector One (jat_private)
Date: Tue Mar 19 2002 - 23:16:38 PST

Next message: Jon Ribbens: "Re: PHP Net Toolpack: input validation error"

Previous message: Max Speed: "CSS in ikonboard 3.0.1,3.0.2,3.0.3"
In reply to: Tozz: "move_uploaded_file breaks safe_mode restrictions in PHP"
Next in thread: sesserat_private: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 17, 2002 at 11:23:34PM +0100, Tozz wrote:
> Its possible to circumvent (probadly spelled wrong) PHP safe_mode
> restrictions by using move_uploaded_file.

  It may be a bit early to post that on Bugtraq since no official patch has
been released yet.

> PHP.net is notified, and the bug has been fixed in CVS. However, I am unable
> to compile the CVS version atm. Gives alot of 'make' errors.

  You can always try the current PHP audit project patch, that applies to a
vanilla PHP 4.1.2 release, and that includes a fix for that bug.
  http://phpaudit.42-networks.com/

  Best regards,

         -Frank.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Next message: Jon Ribbens: "Re: PHP Net Toolpack: input validation error"
Previous message: Max Speed: "CSS in ikonboard 3.0.1,3.0.2,3.0.3"
In reply to: Tozz: "move_uploaded_file breaks safe_mode restrictions in PHP"
Next in thread: sesserat_private: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 23:37:05 PST