php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67016 dzkabyle
Submitted: 2014-04-03 23:44 UTC Modified: 2014-04-03 23:48 UTC
From: k4byl3 at gmail dot com Assigned:
Status: Not a bug Package: Website problem
PHP Version: 5.6.0alpha3 OS: windows
Private report: No CVE-ID: None
 [2014-04-03 23:44 UTC] k4byl3 at gmail dot com
Description:
------------
hello php.net team 

i am dzkabyle an i m bug funder 

Email : k4byl3@gmail.com

Test script:
---------------
hello php.net team 

i am dzkabyle an i m bug funder 
recently a have fond vulnerability on your web site and i decide to report them more information here
file : cached.php 
php.net/cached.php
bug is remote file disclosure by manipuling the URL You can disclose all file in  server just like that

http://www.php.net/cached.php?t=1396464012&f=/cached.php

now you can show source code of cached.php file 

Email : k4byl3@gmail.com


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-03 23:48 UTC] aharvey@php.net
-Status: Open +Status: Not a bug -Package: *General Issues +Package: Website problem
 [2014-04-03 23:48 UTC] aharvey@php.net
You can also access all of the source code here: https://github.com/php/web-php

This is expected behaviour.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Dec 08 16:05:52 2022 UTC