php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46799 PHP allow_url_fopen bypass Vulnerability
Submitted: 2008-12-08 18:39 UTC Modified: 2008-12-08 22:26 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: gz_wangyu at topsec dot com dot cn Assigned:
Status: Not a bug Package: *URL Functions
PHP Version: 5.2.7 OS: Windows
Private report: No CVE-ID: None
 [2008-12-08 18:39 UTC] gz_wangyu at topsec dot com dot cn
Description:
------------
hi, please Help write the overview.

Reproduce code:
---------------
<?php
include $path."config/config.inc.php";

c:\config\config.inc.php
<?php
echo "ok!";

Expected result:
----------------
http://topsec.com.cn/include.php?path=file:///\\127.0.0.1\c$\

Actual result:
--------------
result:
ok!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-08 22:26 UTC] jani@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Aug 03 09:01:23 2021 UTC