[Gllug] PHP - no visible directory
Russell Howe
rhowe at siksai.co.uk
Tue Nov 21 23:42:16 UTC 2006
On Tue, Nov 21, 2006 at 11:31:48PM +0000, ft wrote:
> Hello,
>
[...]
> html-link on the website
> <a href="index.php?file=file.pdf">Link for download</a>
>
> PHP-script
> <?
> $dir = "./dir1/dir2/";
> $download = $dir.$file;
ACK ACK ACK
Do not construct paths in this way without at least checking that the
resulting path is not based in $dir!
Also, never ever ever use register_globals!
What if someone asks for
index.php?file=../../../../var/www/somewhere/.htpasswd
You're asking for a directory traversal vulnerability.
Also, just in case you hadn't heard of them, check up on things like
XSS, SQL injection and exploits related to misparsing of obscure
character encodings, to name just a few.
> # What is the command, to send the file to the client?
some form of open(), read() and write(), althoguh no doubt PHP provides
something like sendfile()
> ?>
--
Russell Howe | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list