php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25315 vulnerability in mkdir and other unix-commands!
Submitted: 2003-08-29 13:38 UTC Modified: 2003-08-30 07:20 UTC
From: info at flashman dot ru Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 4.3.1 OS: Linux pr5 2.4.18-3
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: info at flashman dot ru
New email:
PHP Version: OS:

 

 [2003-08-29 13:38 UTC] info at flashman dot ru 
Description:
------------
php function mkdir allows hackers to execute various commands on the server.
Some scripts need a directory name for user. They may enter

'/www/somedir /usr/bin/wget ...'

and command

'/usr/bin/wget somethinghere'

will be executed on the server without problems!
It happens when php calls unix command mkdir.

Regards, Flashman

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-29 14:03 UTC] pollita@php.net 
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.
 [2003-08-30 07:20 UTC] sniper@php.net 
It's your fault if you pass user input as-is forward to any PHP/your own function/etc.

Definately NOT PHP bug.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Apr 28 05:01:28 2025 UTC