VID 22125
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description: The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
PHP is a feature-heavy web scripting language that has become widely popular. One of its many features is easy handling of file uploads from remote browsers. This functionality is very commonly used, particularly in photo gallery, auction and webmail style applications.
The way that PHP handles file uploads makes it simple to trick PHP applications into working on arbitrary files local to the server rather than files uploaded by the user. This will generally lead to a remote attacker being able to read any file on the server that can be read by the user the web server is running as, typically 'nobody'.

* Note: This check relies solely on the PHP version to assess this vulnerability, so the result may be a false positive.

Platforms Affected:
All versions of PHP older than 3.0.17 or 4.0.3
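
The version-only assessment described in the note above can be reproduced as follows. This is an added example, not the scanner's own code; the function names, the treatment of pre-release suffixes and the sample header values are assumptions made for illustration.

```python
import re

# First fixed release per branch, from the "Platforms Affected" line.
FIRST_FIXED = {3: (3, 0, 17), 4: (4, 0, 3)}

# "PHP/x.y.z" product token as it appears in a Server or X-Powered-By header,
# plus any suffix glued to it (for example "pl1").
_PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)([A-Za-z0-9-]*)")
_PRERELEASE = re.compile(r"-?(dev|rc|beta|alpha)", re.IGNORECASE)


def classify_banner(header_value):
    """Return 'affected', 'not-affected' or 'unknown' for one header value."""
    m = _PHP_TOKEN.search(header_value)
    if m is None:
        return "unknown"  # no PHP version advertised: the check cannot decide
    version = tuple(int(p) for p in m.group(1, 2, 3))
    fixed = FIRST_FIXED.get(version[0])
    if fixed is None:
        # Assumption: branches newer than 4 are not affected; anything older
        # than PHP 3 is outside what the entry describes.
        return "not-affected" if version[0] > 4 else "unknown"
    if version == fixed and _PRERELEASE.match(m.group(4)):
        return "unknown"  # assumption: a pre-release of the fixed version is unclear
    return "affected" if version < fixed else "not-affected"


def classify_response(headers):
    """Combine the verdicts for the Server and X-Powered-By headers."""
    verdicts = [classify_banner(value) for name, value in headers.items()
                if name.lower() in ("server", "x-powered-by")]
    for verdict in ("affected", "not-affected"):
        if verdict in verdicts:
            return verdict
    return "unknown"


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real host.
    for sample in ("Apache/1.3.12 (Unix) PHP/4.0.2", "PHP/4.0.3pl1",
                   "PHP/3.0.16", "PHP/4.0.3RC1", "Apache/1.3.12"):
        print(f"{sample!r}: {classify_banner(sample)}")
```

An 'affected' verdict only says that the advertised version predates the fixed release; it does not show that the server hosts a script with file upload functionality, which is why such a finding can be a false positive.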

* References:
http://www.iss.net/security_center/static/5190.php
http://online.securityfocus.com/bid/1649
Recommendation: Upgrade to the latest version, available from the PHP official web site at http://www.php.net/downloads.php

As a workaround, disable any PHP scripts that provide file upload functionality until you have applied the appropriate patch for your PHP installation. See also:
http://www.php.net/manual/en/features.file-upload.php
Related URL CVE-2000-0860 (CVE)