[Full-Disclosure] Re: PHP and curl open_basedir still bypassable
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Re: PHP and curl open_basedir still bypassable
- From: "VeNoMouS" <venom@xxxxxxxxxxx>
- Date: Mon, 20 Dec 2004 13:04:32 +1300
I got annoyed that the dev php response to this was curl's issue and to turn
off curl local file access, so here is a hax workaround I wrote; maybe they will
get off their arses and submit something like this in the next release.

In ext/curl/curl.c, add the following to the function
"PHP_FUNCTION(curl_init)".
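
    char *newurl;

    /* this goes after the argc check */
    newurl = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
    /* URL schemes are case-insensitive, so match FILE:// as well */
    if (strncasecmp(newurl, "file://", 7) == 0)
    {
        /* drop the scheme in place; the +1 moves the terminating NUL too */
        memmove(newurl, newurl + 7, strlen(newurl + 7) + 1);
        if (php_check_open_basedir(newurl TSRMLS_CC))
        {
            efree(newurl);
            RETURN_FALSE;
        }
    }
    efree(newurl);   /* the copy is only needed for the check */
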
----- Original Message -----
From: VeNoMouS
To: full-disclosure@xxxxxxxxxxxxxxxx
Sent: Monday, December 20, 2004 10:19 AM
Subject: PHP and curl open_basedir still bypassable
As posted in http://www.securitytracker.com/alerts/2004/Oct/1011984.html
the open_basedir bypass still exists in php 4.3.10 and curl-7.12.2.
Has anyone seen a patch or anything to solve this issue?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
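
Added example, not part of the original post or of PHP's source: a stand-alone C sketch of the check the workaround above performs, taking the path as a pointer past the file:// prefix and testing it against a base directory. check_basedir() is a hypothetical stand-in for php_check_open_basedir(), and the URLs and base directory are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Hypothetical stand-in for php_check_open_basedir(): 0 = inside basedir,
 * -1 = outside. It does no canonicalisation, so any ".." segment is refused. */
static int check_basedir(const char *path, const char *basedir)
{
    size_t n = strlen(basedir);

    if (strstr(path, "/..") != NULL)
        return -1;
    if (strncmp(path, basedir, n) != 0)
        return -1;
    /* The match must end on a directory boundary: /var/www/site2 is not
     * inside /var/www/site. */
    return (path[n] == '/' || path[n] == '\0') ? 0 : -1;
}

/* Returns the path part of a file:// URL, or NULL for other schemes.
 * The result points into url, so there is no copy to terminate or free. */
static const char *file_url_path(const char *url)
{
    if (strncasecmp(url, "file://", 7) != 0)
        return NULL;
    return url + 7;
}

/* 1 = curl_init may proceed, 0 = refuse (the RETURN_FALSE case). */
int url_allowed(const char *url, const char *basedir)
{
    const char *path = file_url_path(url);

    if (path == NULL)
        return 1;   /* not a file:// URL: this check does not apply */
    return check_basedir(path, basedir) == 0;
}

int main(void)
{
    const char *base = "/var/www/site";           /* constructed base directory */
    const char *urls[] = {                        /* constructed sample URLs */
        "file:///var/www/site/index.php",
        "FILE:///home/other/config.php",
        "file:///var/www/site2/secret",
    };
    size_t i;

    for (i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-32s %s\n", urls[i], url_allowed(urls[i], base) ? "allow" : "refuse");
    return 0;
}
```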