ID:               32836
Comment by:       slavi at imperia dot net
Reported By:      kkrusteff at intergenia dot de
Status:           Open
Bug Type:         Unknown/Other Function
Operating System: linux
PHP Version:      4.3.10
New Comment:

See "#29949 Relative include() sometimes works as expected."
( http://bugs.php.net/bug.php?id=29949 ) I think it describes the same
problem.

Previous Comments:
------------------------------------------------------------------------

[2005-04-26 13:58:31] kkrusteff at intergenia dot de

Description:
------------
A frequently used way to include a lang file:

include("./lang/login.php." . $_REQUEST["lang"]);

The problem is that if the URL uses
lang=../../../../../../../../../../etc/hosts
we get the host file from the computer.

Reproduce code:
---------------
<?PHP
include("./lang/login.php.../../../../../../../../../../etc/hosts");
?>
//or
<?php
include("./lang/login.php.../../../../../../../../../etc/hosts");
?>
//that will show the host file

Expected result:
----------------
file not found

Actual result:
--------------
that will show the host file or other file .. if you know the path

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=32836&edit=1
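
Added example, not part of the bug report or of PHP itself: one way to harden the include pattern described above, so that the request parameter selects from a fixed set of language files and the resolved path is confirmed to stay inside the language directory. The function name resolve_lang_file(), the allow-list and the temporary directory are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example; resolve_lang_file() and the allow-list are hypothetical.
// Pattern from the report, shown for comparison only:
//   include("./lang/login.php." . $_REQUEST["lang"]);

/**
 * Map a requested language code to a file under $langDir.
 * Returns the absolute path, or null when the request must be refused.
 */
function resolve_lang_file(string $langDir, string $requested, array $allowed): ?string
{
    // 1. Allow-list: only exact, known language codes pass.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath($langDir);
    $path = realpath($langDir . '/login.php.' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must still live under $langDir
    //    (this also catches a symlink that points outside the directory).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary lang directory with one language file.
$dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/login.php.en", "<?php return ['title' => 'Login'];");

// 'en' exists, 'de' is allowed but missing, the last value is the one
// from the report.
$inputs = ['en', 'de', '../../../../../../../../../../etc/hosts'];
foreach ($inputs as $lang) {
    $file = resolve_lang_file($dir, $lang, ['en', 'de']);
    $result = $file === null ? 'rejected' : 'include ' . basename($file);
    echo str_pad($lang, 42), ' => ', $result, PHP_EOL;
}

unlink("$dir/login.php.en");
rmdir($dir);
```

The caller passes the returned path to include only when it is not null, and falls back to a default language otherwise.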