
PHP 5.3.1 open_basedir bypass


In the PHP 5.3.1 security changelog, we can read that a safe_mode bypass in tempnam() has already been fixed. But safe_mode is deprecated in the 5.3 line. We can understand a security fix for an open_basedir bypass, but not for safe_mode in 5.3.
What is annoying is that an exploit for bypassing open_basedir or safe_mode in PHP 5.3.1 is available in

We can use a symlink trick like in

The issue has been reported to PHP, but did not obtain a meaningful response.
A very similar issue was reported in October 2006 by Stefan Esser (SREASON:1692)

This issue has been fixed.
The small difference here is that we need to create a fake directory structure.

Maksymilian Arciemowicz
