PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
BID:26024
Info
PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
| Bugtraq ID: | 26024 |
| Class: | Design Error |
| CVE: |
CVE-2007-5447 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 11 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | Shinnai is credited with discovering this issue. |
| Vulnerable: |
ionCube ionCube PHP Encoder 6.5 |
| Not Vulnerable: | |
Discussion
PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
ionCube Loader is prone to a 'safe_mode' and 'disable_functions' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass the restrictions imposed by both PHP directives and to access arbitrary file contents.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restrictions are expected to isolate users from each other.
ionCube 6.5 running on PHP 5.2.4 is affected; other versions may also be vulnerable.
ionCube Loader is prone to a 'safe_mode' and 'disable_functions' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass the restrictions imposed by both PHP directives and to access arbitrary file contents.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restrictions are expected to isolate users from each other.
ionCube 6.5 running on PHP 5.2.4 is affected; other versions may also be vulnerable.
Exploit / POC
PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
Attackers may exploit this issue by crafting and executing a malicious PHP script.
The following exploit is available:
Attackers may exploit this issue by crafting and executing a malicious PHP script.
The following exploit is available:
Solution / Fix
PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PHP ionCube Loader Extension Safe_Mode and Disable_Functions Restriction Bypass Vulnerability
References:
References:
- ionCube Encoder Product Page (ionCube)