PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability

2007.03.14
Credit: Stefan Esser
Risk: Medium
Local: Yes
Remote: Yes
CWE: N/A

The compress.bzip2:// URL Wrapper defined by the bz2 extension does not perform any safemode or open_basedir checks and therefore allows access to archives outside the basedir or safemode restrictions. No details needed Proof of concept, exploit or instructions to reproduce To test this vulnerability just activate safemode or open_basedir in your configuration and try to access an archive outside the allowed area through the compress.bzip2:// URL Wrapper. Notes Safemode and open_basedir are flawed by design and will always have security holes like this one (or all the local exploits we demonstrated). The security of your server setup should therefore NEVER rely on these directives.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top