tests/include/include_etc_passwd.phpt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

--TEST--
Include "../../../../../../../../../../../etc/passwd";
--SKIPIF--
<?php include "../skipifcli.inc"; ?>
--INI--
suhosin.log.syslog=0
suhosin.log.sapi=255
suhosin.log.script=0
suhosin.log.phpscript=0
suhosin.executor.include.whitelist=
suhosin.executor.include.blacklist=
suhosin.executor.include.max_traversal=3
--FILE--
<?php
	$var = dirname(__FILE__)."/../empty.inc";
	include $var;
	echo $value,"\n";
    $var = dirname(__FILE__)."/../../../../../../../../../../../etc/passwd";
    include $var;
?>
--EXPECTF--
value-from-empty.inc
ALERT - Include filename ('%s../../../../../../../../../../../etc/passwd') contains too many '../' (attacker 'REMOTE_ADDR not set', file '%s', line 6)