php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25315 vulnerability in mkdir and other unix-commands!
Submitted: 2003-08-29 13:38 UTC Modified: 2003-08-30 07:20 UTC
From: info at flashman dot ru Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 4.3.1 OS: Linux pr5 2.4.18-3
Private report: No CVE-ID: None
 [2003-08-29 13:38 UTC] info at flashman dot ru
Description:
------------
php function mkdir allows hackers to execute various commands on the server.
Some scripts need a directory name for user. They may enter

'/www/somedir /usr/bin/wget ...'

and command

'/usr/bin/wget somethinghere'

will be executed on the server without problems!
It happens when php calls unix command mkdir.

Regards, Flashman


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-29 14:03 UTC] pollita@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2003-08-30 07:20 UTC] sniper@php.net
It's your fault if you pass user input as-is forward to any PHP/your own function/etc.

Definately NOT PHP bug.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 11:01:30 2024 UTC