header-logo
Suggest Exploit
vendor:
PHP
by:
Unknown
7.5
CVSS
HIGH
open_basedir restriction-bypass
Unknown
CWE
Product Name: PHP
Affected Version From: PHP 4 up to and including 4.4.6, PHP 5 up to and including 5.2.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: php
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

PHP open_basedir Restriction Bypass Vulnerability

The PHP open_basedir restriction-bypass vulnerability allows attackers to access sensitive information or write files in unauthorized locations. This vulnerability is due to a design error. It can be exploited in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. The 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other, but this vulnerability bypasses those restrictions.

Mitigation:

Upgrade to a version of PHP that is not affected by this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23183/info

PHP is prone to a 'open_basedir' restriction-bypass vulnerability due to a design error.

Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' and 'open_basedir' restrictions are expected to isolate users from each other.

The following versions are vulnerable:

PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1 

<?php
  ini_set("session.save_path", "/sessions/user2/");
  putenv("TMPDIR=/sessions/user2/");
  ini_set("session.save_path", "");
  @session_start();
?>

Navigation

Suggest Exploit

Services By CQR