Security Basics mailing list archives

RE: PHP Security Risk?

From: "AndrewC" <andrew () whirlow plus com>
Date: Thu, 2 Dec 2004 20:12:21 -0000


Most PHP programs with file upload capabilities could allow a remote
attacker to manipulate the program into opening arbitrary files on the
server. A vulnerability in the way file uploads are handled could allow a
remote attacker to gain read access to any file on the server that the user
running the Web server can access (usually "nobody"). This could allow an
attacker to view sensitive information, such as PHP code or database
information. I am not sure of the specifics of PHP 5 but have a look at the
link below for specifics on file upload.

http://uk.php.net/manual/en/features.file-upload.php


Good Luck

Andrew Craig

A+ N+ MCSE CCNA

Current thread:

PHP Security Risk? Stephane Auger (Dec 02)
- Re: PHP Security Risk? John GALLET (Dec 03)
  - Re: PHP Security Risk? Greg Donald (Dec 03)
    - Re: PHP Security Risk? q q (Dec 06)
    - Re: PHP Security Risk? Daniel Rubio (Dec 09)
    - Re: PHP Security Risk? John GALLET (Dec 07)
- Re: PHP Security Risk? Simon (Dec 03)
- RE: PHP Security Risk? AndrewC (Dec 03)
- Re: PHP Security Risk? Andrew Smith (Dec 03)