Bugtraq mailing list archives

Re: move_uploaded_file breaks safe_mode restrictions in PHP

From: Jedi/Sector One <j () pureftpd org>
Date: Wed, 20 Mar 2002 08:15:38 +0059

On Sun, Mar 17, 2002 at 11:23:34PM +0100, Tozz wrote:

Its possible to circumvent (probadly spelled wrong) PHP safe_mode
restrictions by using move_uploaded_file.


  It may be a bit early to post that on Bugtraq since no official patch has
been released yet.

PHP.net is notified, and the bug has been fixed in CVS. However, I am unable
to compile the CVS version atm. Gives alot of 'make' errors.


  You can always try the current PHP audit project patch, that applies to a
vanilla PHP 4.1.2 release, and that includes a fix for that bug.
  http://phpaudit.42-networks.com/

  Best regards,
  
         -Frank.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/

Current thread:

move_uploaded_file breaks safe_mode restrictions in PHP Tozz (Mar 19)
- Re: move_uploaded_file breaks safe_mode restrictions in PHP Jedi/Sector One (Mar 20)
- <Possible follow-ups>
- Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 21)
  - Re: move_uploaded_file breaks safe_mode restrictions in PHP Patrick Oonk (Mar 21)
  - Message not available
    - Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 21)
- Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 22)