Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: PHP :: web5022.htm

chuid (PHP) - unsecured owner changes are possible
23th Jan 2002 [SBWID-5022]

	unsecured owner changes are possible





	Roman Ivanov found two bugs on chuid.

	Chuid is is a small  program  to  solve  a  problem  created  by  PHP\'s
	safe_mode, which makes  it  so  that  non-webserver  owned  PHP  scripts
	can\'t accept file uploads. It solves this dilemma by allowing files  in
	a  compile  time  specified  upload  directory  to  be  re-owned  by  an
	arbitrary user, thus allowing  PHP  scripts  to  make  use  of  uploaded

	First bug : it is possible to go out of upload  directory  using  \"..\"
	Second bug : root and webserver owned files may also be re-owned


	Ugrade to latest version



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH