Full Disclosure mailing list archives
Re: PHP and curl open_basedir still bypassable
From: "VeNoMouS" <venom () gen-x co nz>
Date: Mon, 20 Dec 2004 13:04:32 +1300
I got anonyed that the dev php response to this was curl's issue and to turn off curl local file access so here is a hax work around i wrote maybe they will get off there arses and submit something like this in the next release. in ext/curl/curl.c, add the following to the function "PHP_FUNCTION(curl_init)". char *newurl; <this goes after the argc check> newurl=estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url)); if(strncmp(newurl,file://,7)==0) { memmove(newurl,newurl+7,strlen(newurl)-7); newurl[strlen(newurl)-7+1]='\0'; if (php_check_open_basedir(newurl TSRMLS_CC)) { RETURN_FALSE; } } ----- Original Message ----- From: VeNoMouS To: full-disclosure () lists netsys com Sent: Monday, December 20, 2004 10:19 AM Subject: PHP and curl open_basedir still bypassable As posted in http://www.securitytracker.com/alerts/2004/Oct/1011984.html the open_basedir bypass still exists in the php 4.3.10 and curl-7.12.2, anyone seen a patch or anything to get solve this issue?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- PHP and curl open_basedir still bypassable VeNoMouS (Dec 20)
- <Possible follow-ups>
- Re: PHP and curl open_basedir still bypassable VeNoMouS (Dec 21)