ID MYHACK58:62201234660
Type myhack58
Reporter Anonymous
Modified 2012-08-22T00:00:00


Most PHP site security configurations today are essentially open_basedir plus safe_mode. This combination is very strong: even in an environment where file permissions are not set up well, such a configuration is quite safe, leaving aside the cases where it can be bypassed. This article discusses two security risks, both encountered in practice, that enabling open_basedir may introduce. One may be a small bug in PHP; the other may be the result of improper configuration.

One: when open_basedir processes a file path, it does not strictly check whether the directory exists, which can lead to a local file read bypass.

Consider an example of arbitrary local file read:

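<?php
// The requested name comes straight from the query string.
$file = $_GET['file'];
// Only the prefix is checked: the name must begin with "img".
preg_match("/^img/", $file) or die('error_file');
// The name is appended to the upload directory without normalization.
$file = '/home/www/upload/' . $file;
file_exists($file) or die('no_such_file');
$f = fopen("$file", 'r');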
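For comparison, a hardened form of the snippet above, added here as an example and not taken from the original article. It assumes uploads are stored flat in /home/www/upload with names beginning with "img"; the function name resolve_upload and the allowed character set are hypothetical choices.

```php
<?php
// Added example (not from the original article): the same lookup, but the
// final path is resolved on the real filesystem and checked against the
// upload directory, so the application does not depend on open_basedir.
const UPLOAD_DIR = '/home/www/upload';

function resolve_upload(string $name): ?string
{
    // Accept a plain file name only: no NUL bytes, no directory separators.
    if ($name === '' || strpos($name, "\0") !== false || basename($name) !== $name) {
        return null;
    }
    // Keep the original "img" prefix rule, but constrain the whole name
    // (assumed character set) instead of only its first three characters.
    if (!preg_match('/^img[A-Za-z0-9._-]*$/', $name)) {
        return null;
    }
    // realpath() resolves ".." and symlinks and returns false when any
    // component of the path does not exist.
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // The resolved path must still sit inside the upload directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

$raw  = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_upload($raw) : null;
if ($path === null) {
    http_response_code(404);
    exit('no_such_file');
}
$f = fopen($path, 'rb');
if ($f === false) {
    http_response_code(500);
    exit('read_error');
}
fpassthru($f);
fclose($f);
```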

