Bug #25315 vulnerability in mkdir and other unix-commands!
Submitted: 2003-08-29 13:38 UTC
Modified: 2003-08-30 07:20 UTC
From: info at flashman dot ru
Assigned:
Status: Not a bug
Package: Directory function related
PHP Version: 4.3.1
OS: Linux pr5 2.4.18-3
Private report: No
CVE-ID: None

 

 [2003-08-29 13:38 UTC] info at flashman dot ru
Description:
------------
php function mkdir allows hackers to execute various commands on the server.
Some scripts need a directory name for user. They may enter

'/www/somedir /usr/bin/wget ...'

and command

'/usr/bin/wget somethinghere'

will be executed on the server without problems!
It happens when php calls unix command mkdir.

Regards, Flashman


 [2003-08-29 14:03 UTC] pollita@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2003-08-30 07:20 UTC] sniper@php.net
It's your fault if you pass user input as-is forward to any PHP/your own function/etc.

Definitely NOT a PHP bug.
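
Added example, not part of the bug report and not PHP project code: it contrasts a script that builds a shell `mkdir` command line from a user-supplied name with one that validates the name and calls PHP's built-in `mkdir()`, which does not go through a shell. The function names, the allowlist pattern and the temporary base directory are assumptions for illustration, and the code is written for current PHP rather than 4.3.1.

```php
<?php
// Risky pattern: the name is interpolated into a shell command line, so the
// shell, not the script, decides where the argument ends. The string is only
// built here for inspection; a script with this flaw would hand it to exec().
function mkdir_command_unquoted(string $name): string {
    return 'mkdir ' . $name;
}

// If a shell command is unavoidable, quote the argument so it stays a single
// word; "--" stops mkdir from treating a leading "-" as an option.
function mkdir_command_quoted(string $name): string {
    return 'mkdir -- ' . escapeshellarg($name);
}

// Preferred: no shell at all. Validate against an allowlist (hypothetical
// policy: letters, digits, "_" and "-", 1 to 64 chars), then use mkdir().
function make_user_dir(string $base, string $name): string {
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('directory name not allowed');
    }
    $path = rtrim($base, '/') . '/' . $name;
    if (!is_dir($path) && !mkdir($path, 0750)) {
        throw new RuntimeException('mkdir failed for ' . $path);
    }
    return $path;
}

// Constructed sandbox so the example runs without touching real directories.
$base = sys_get_temp_dir() . '/bug25315_' . getmypid();
mkdir($base, 0700);

$input = 'somedir /usr/bin/wget ...';   // shape of the input quoted in the report
echo mkdir_command_unquoted($input), "\n";
echo mkdir_command_quoted($input), "\n";

try {
    make_user_dir($base, $input);        // space, "/" and "." fail the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

$created = make_user_dir($base, 'alice_01');   // constructed valid name
echo 'created: ', $created, "\n";

rmdir($created);                         // clean up the sandbox
rmdir($base);
```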

Last updated: Sat Dec 21 17:01:58 2024 UTC