securityvulns SECURITYVULNS:DOC:16388
Mar 17, 2007 - 12:00 a.m.

MOPB-21-2007: PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability

Summary

The compress.bzip2:// URL Wrapper defined by the bz2 extension does not perform any safemode or open_basedir checks and therefore allows access to archives outside the basedir or safemode restrictions.

Affected versions

PHP <= 5.2.1 is affected.

Detailed information

No details needed.

Proof of concept, exploit or instructions to reproduce

To test this vulnerability just activate safemode or open_basedir in your configuration and try to access an archive outside the allowed area through the compress.bzip2:// URL Wrapper.
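
The test described above can be scripted as a regression check for a PHP build. This is an added example, not code from the advisory; the directory and file names are constructed, and it assumes a build where open_basedir can be tightened at runtime with ini_set().

```php
<?php
// Added regression check (not part of the advisory). Directory and file
// names below are constructed for the test and are left in the temp dir.

// Returns true when the URI can be opened and yields data.
function can_read($uri)
{
    $h = @fopen($uri, 'r');
    if ($h === false) {
        return false;
    }
    $data = fread($h, 64);
    fclose($h);
    return is_string($data) && $data !== '';
}

if (!extension_loaded('bz2') || !in_array('compress.bzip2', stream_get_wrappers(), true)) {
    exit("bz2 extension / compress.bzip2:// wrapper not available\n");
}

$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mopb21_check';
$allowed = $base . DIRECTORY_SEPARATOR . 'allowed';
$outside = $base . DIRECTORY_SEPARATOR . 'outside';
@mkdir($allowed, 0700, true);
@mkdir($outside, 0700, true);

// Constructed archive that lives outside the directory we are about to allow.
$archive = $outside . DIRECTORY_SEPARATOR . 'marker.bz2';
file_put_contents($archive, bzcompress("constructed marker\n"));

// Restrict this script to $allowed only (trailing separator = exact directory).
if (ini_set('open_basedir', $allowed . DIRECTORY_SEPARATOR) === false) {
    exit("open_basedir cannot be tightened at runtime on this build\n");
}

$plain   = can_read($archive);                       // control: plain path
$wrapped = can_read('compress.bzip2://' . $archive); // path under test

if ($plain) {
    echo "INCONCLUSIVE: open_basedir is not being enforced for plain paths\n";
} elseif ($wrapped) {
    echo "FAIL: compress.bzip2:// read a file outside open_basedir\n";
} else {
    echo "PASS: plain and compress.bzip2:// access were both denied\n";
}
```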

Notes

Safemode and open_basedir are flawed by design and will always have security holes like this one (or all the local exploits we demonstrated). The security of your server setup should therefore NEVER rely on these directives.