php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #3905 Display of system files
Submitted: 2000-03-23 07:38 UTC Modified: 2000-08-04 11:48 UTC
From: vahidh at ision dot net dot uk Assigned:
Status: Closed Package: Other
PHP Version: 3.0 Latest CVS (23/03/2000) OS: Sun Sparc 2.7
Private report: No CVE-ID: None
 [2000-03-23 07:38 UTC] vahidh at ision dot net dot uk
php4 installed and running on Zeus Webserver 
I have setup the following in php.ini which is setup in /usr/local/php.ini

doc_root=/export/home/
user_dir=/exporrt/home/vahidh
with the following php file
test.php 
 <?php readfile ($file); ?>   

on the browser if i do  test.php?file=/etc/passwd
I can see the contents 
is there anything else I need to add ?


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-03-23 09:00 UTC] vahidh at ision dot net dot uk
configuration line used 
./configure --with-mysql=/usr/local/mysql --enable-force-cgi-redirect --enable-discard-path./configure --with-mysql=/usr/local/mysql --enable-force-cgi-redirect --enable-discard-path
 [2000-08-04 11:48 UTC] hholzgra@php.net
well, php can read and display any files the user
its process runs under has read access to

open_basedir should be the ini setting you are looking for
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun May 29 03:03:49 2022 UTC