Re: file_exists() bypassing , critical problem ?

[Jorrit Kronjee <full-disclosure () nospam wafel org>]

Nourredine Himeur wrote:

> > But all bugs aren't a vulnerability.
>
>
> I don't thinks , for me , all bugs ARE a vulnerability.
Your personal opinion doesn't matter, facts do.

> traduct:
> Lire une source HTML  = Read a HTML source
>
> source.php:
> -------------------------------------------------------------------
>    $contenu = file( $url );
>
>     while ( list( $numero_ligne, $ligne ) = each( $contenu ) )
>     {
>         echo "<B>Ligne $numero_ligne:</B> ".htmlspecialchars( $ligne ) .
> "<br>";
>     }
> -------------------------------------------------------------------
> with function file() I show the HTML source
>
> But you don't want ,visitor see the local source of your own file because if
> file() open a local file PHP it see the PHP source.
>
> If you used file_exists() to protect your own page , a malicious visitor can
> use the vulnerability of this function to see the source php of your own
> page.php !!!

It's just the same for not properly escaping single quotes in dynamic 
SQL statements; a vulnerability caused by bad scripting.

I think your only goal here is slandering the PHP folks. Your example is 
just as badly programmed as the previous examples, not to mention the 
fact your example doesn't use file_exists and if it would, how would 
file_exists() protect you from reading PHP documents?

Jorrit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html