PHP :: Bug #3905 :: Display of system files

Bug #3905	Display of system files
Submitted:	2000-03-23 07:38 UTC	Modified:	2000-08-04 11:48 UTC
From:	vahidh at ision dot net dot uk	Assigned:
Status:	Closed	Package:	Other
PHP Version:	3.0 Latest CVS (23/03/2000)	OS:	Sun Sparc 2.7
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-03-23 07:38 UTC] vahidh at ision dot net dot uk

php4 installed and running on Zeus Webserver 
I have setup the following in php.ini which is setup in /usr/local/php.ini

doc_root=/export/home/
user_dir=/exporrt/home/vahidh
with the following php file
test.php 
 <?php readfile ($file); ?>   

on the browser if i do  test.php?file=/etc/passwd
I can see the contents 
is there anything else I need to add ?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-03-23 09:00 UTC] vahidh at ision dot net dot uk

configuration line used 
./configure --with-mysql=/usr/local/mysql --enable-force-cgi-redirect --enable-discard-path./configure --with-mysql=/usr/local/mysql --enable-force-cgi-redirect --enable-discard-path

[2000-08-04 11:48 UTC] hholzgra@php.net

well, php can read and display any files the user
its process runs under has read access to

open_basedir should be the ini setting you are looking for

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 05:00:02 2025 UTC