Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

file_exists() bypassing , critical problem ?

From: "Nourredine Himeur" <lostnoobs () security-challenge com>
Date: Mon, 2 Feb 2004 15:45:02 +0100
But all bugs aren't a vulnerability.


I don't thinks , for me , all bugs ARE a vulnerability.

You show only my example but imagine you want to verifie if do this :

http://www.security-challenge.com/123456/outils/source.php

traduct:
Lire une source HTML  = Read a HTML source

source.php:
-------------------------------------------------------------------
   $contenu = file( $url );

    while ( list( $numero_ligne, $ligne ) = each( $contenu ) )
    {
        echo "<B>Ligne $numero_ligne:</B> ".htmlspecialchars( $ligne ) .
"<br>";
    }
-------------------------------------------------------------------
with function file() I show the HTML source

But you don't want ,visitor see the local source of your own file because if
file() open a local file PHP it see the PHP source.

If you used file_exists() to protect your own page , a malicious visitor can
use the vulnerability of this function to see the source php of your own
page.php !!!

You talk only about my example , it's stupid . Every bug are a vulnerability
in informatik.( If a function don't work as good you can exploit it)

You've gone say : "Your code is vulnerable"

For finish with this subject I 'm gone to say (same as securityfocus) :

"Prevent is better to cure"

Nourredine Himeur

www.security-challenge.com

If I had been prevented I shall not have been pirated ...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: