Page 1 of 1

Secure Enough?

Posted: Sun May 11, 2003 3:45 pm
by riley
If I have a template that uses an URL like

http//../template.php?page=newpage.php

is checking to ensure the file exist secure enough to stop harmful hacking to the server?

Code: Select all

if ( !IsSet( $_GETї'page'] ) )$page = 'home.php';

if ( file_exists( $page ) ) {

webstuff here

} else {

echo "NOT Allowed";
}

Posted: Sun May 11, 2003 4:44 pm
by volka
what about
http//../template.php?page=.htpasswd
or
http//../template.php?page=.%2Fsecret%2Fcert.key
?

Posted: Sun May 11, 2003 5:16 pm
by riley
Well I don't know!

I did try the two examples and nothing was returned to the browser. What should I have expected?

Posted: Sun May 11, 2003 5:22 pm
by volka
those were only examples
without further checks the user might get any file the script has access to.
The second evaluates to ./secret/cert.key, I doubt you would be too happy if the user sees that files if it exists ;)

Posted: Mon May 12, 2003 1:52 am
by []InTeR[]
To keep this from happening i:
- allwase ad a exstension.
- and don't allow slashes, backslashes and dots.