Full Disclosure mailing list archives
Re: file_exists() bypassing , critical problem ?
From: <m.esco () wp pl>
Date: Mon, 2 Feb 2004 11:47:46 +0100
It's a very critical bug because a malicious user can use it to bypassing the file_exist() protection on a include() script for example.
I don't think that is critical problem. It is rather bad-programmers
problem. There are various methods for securing file_exists() like e.g.
<?php
// allowing files only from directory /test
$sFileName = $_GET['page'];
// is file name equals XXXXX.XXX pattern
if(preg_match("|[\w\-]+\.[\w]+|i",$sFileName))
{
// check if file exists
if(file_exists("./test/".$sFileName))
{
// open file and stuff
} else
{
// sorry
}
} else
{
// mail the webmaster that someone has tampered the url's
}
?>
That is just one of the sollutions, far from the best one.
There is an article about this here:
http://www.zend.com/zend/art/art-oertli.php
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- file_exists() bypassing , critical problem ? Lost Noobs (Feb 02)
- Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
- <Possible follow-ups>
- file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? Stefan Esser (Feb 02)
- Re: file_exists() bypassing , critical problem ? Daniel B (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? m.esco (Feb 02)
- Message not available
- Re: file_exists() bypassing , critical problem ? Nourredine Himeur (Feb 02)
- Re: Re: file_exists() bypassing , critical problem ? VeNoMouS (Feb 02)