|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2009-04-30 15:27 UTC] pajoye@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 12:01:29 2024 UTC |
Description: ------------ safe_mode bypass with a preceding backslash. tested with exec(), system() and passthru(). on windows only. Sorry, I do feel this bug concerns a security issue but I got no response from security@php.net after sending 2 emails from 2 different accounts about 6 weeks ago. Reproduce code: --------------- on commandline: php -n -d safe_mode=on -r "exec('\ping 192.168.222.1');" with PHP script and enabled safe_mode in php.ini: <? exec('\ping 192.168.222.1'); ?> Expected result: ---------------- safe_mode turned on should block code execution from exec() and other functions. Actual result: -------------- By adding a backslash infront of the command the command got executed anyhow.