Page 1 of 1
security
Posted: Sat May 18, 2002 10:40 pm
by hob_goblin
my website has a loophole that lets anyone include any file they want into my little content window,
Code: Select all
echo "$content";
if(isset($f2inc)){
include($f2inc);
}
is what i have now, anybody know what I could do to check that "$f2inc" is a file on my server?
Posted: Sat May 18, 2002 11:25 pm
by EvilWalrus
file_exists() and is_file() should help you
Posted: Sat May 18, 2002 11:49 pm
by hob_goblin
i know about file_exists() and is_file(), i just want to make sure that it is on MY server, not for instance...yahoo, or something
Posted: Sat May 18, 2002 11:53 pm
by jason
hob_goblin wrote:i know about file_exists() and is_file(), i just want to make sure that it is on MY server, not for instance...yahoo, or something
Actually, you don't know about file_exists().
Read
http://ca.php.net/manual/en/function.file-exists.php and in particular, the part that says this:
This function will not work on remote files; the file to be examined must be accessible via the server's filesystem

Posted: Sun May 19, 2002 7:09 am
by volka

you also know the path of your script. Just make sure the requested file is somewhere in this path (or a subdirectory ... or ... or ...)
and if you let them upload files you may use
is_uploaded_file and
move_uploaded_file to move these files to a valid directory in your webspace
Posted: Sun May 19, 2002 1:16 pm
by hob_goblin
heh you make me feel so stupid, I've only used file_exists() to prompt a script to overwrite or rename a file... I never read that much into it
