The open base directory (open_basedir) in PHP is a security function which is used to define the locations or paths from which the PHP is allowed to access files. The open_basedir function is used to create a whitelist of all the web’s accessible folders. Any request for files outside the open_basedir’s list will be rejected. The open base directory enables the usage of two functions; fopen() and gzopen(). If open_basedir is turned off, the attacker will be able to access any files using PHP. The open_basedir can be found in apache configuration file or httpd.config file with the setting name as php_admin_value open_basedir. Using phpinfo() function an attacker can confirm if the site has disabled or enabled the open base directory. If the open base directory is disabled, he can plan an attacker according to the vulnerability.
Example
The following code is the example of disabled open_basedir.
php_admin_value open_basedir none
Impact
Using this vulnerability, an attacker can:-
- execute any files using PHP.
- perform any attacks to extract sensitive information from the server.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Enable open_basedir.
- Use input filtering methods.
- Use updated versions of PHP.
