summaryrefslogtreecommitdiff
path: root/config/default_php8.rules
diff options
context:
space:
mode:
Diffstat (limited to 'config/default_php8.rules')
-rw-r--r--config/default_php8.rules3
1 files changed, 1 insertions, 2 deletions
diff --git a/config/default_php8.rules b/config/default_php8.rules
index 4773b4e..580ba0a 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -52,8 +52,7 @@ sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").dro
52sp.disable_function.function("extract").param("array").value_r("^_").drop() 52sp.disable_function.function("extract").param("array").value_r("^_").drop()
53sp.disable_function.function("extract").param("flags").value("0").drop() 53sp.disable_function.function("extract").param("flags").value("0").drop()
54 54
55# This is also burned: 55# See https://dustri.org/b/ini_set-based-open_basedir-bypass.html
56# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
57# Since we have no way of matching on two parameters at the same time, we're 56# Since we have no way of matching on two parameters at the same time, we're
58# blocking calls to open_basedir altogether: nobody is using it via ini_set anyway. 57# blocking calls to open_basedir altogether: nobody is using it via ini_set anyway.
59# Moreover, there are non-public bypasses that are also using this vector ;) 58# Moreover, there are non-public bypasses that are also using this vector ;)