#122 eAccelerator cross open_basedir restriction.

open
nobody
None
5
2005-08-30
2005-08-30
Anonymous
No

Scenario:

RH ES3, Apache (httpd-2.0.46-44.ent), php
(php-4.3.2-23.ent)
All from RPM

Vhost1:
root /www/site1/
open_basedir /www/site1

Vhost2:

root /www/site2/
open_basedir /www/site2

----------------------
The problem:

Let's take any php, for example
/www/site1/includes/mysql.php with mysql conection data
(User, pass, server) used by Vhost1.
IF i make an include from vhost2 of that .php (located
in vhost1 dir and with open_basedir restriction) the
include is done, latter y can print out tha data in the
variables exposing user,pass and server.

Discussion


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks