URL Vulnerabilities

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Daz
Forum Newbie
Posts: 18
Joined: Thu Mar 19, 2009 2:12 am

URL Vulnerabilities

Post by Daz »

Other than ./ and ../ can anything else be used to relatively browse directory trees?
User avatar
mrvijayakumar
Forum Commoner
Posts: 58
Joined: Tue Aug 18, 2009 12:39 am
Location: Chennai city, India
Contact:

Re: URL Vulnerabilities

Post by mrvijayakumar »

Give full URL. This is another option,

ex: http://www.yourdomain.com/directory/
Daz
Forum Newbie
Posts: 18
Joined: Thu Mar 19, 2009 2:12 am

Re: URL Vulnerabilities

Post by Daz »

mrvijayakumar wrote:Give full URL. This is another option,

ex: http://www.yourdomain.com/directory/
I gotcha, I'm just trying to think of possible attack vectors not-so-nice people could use on my domain.
User avatar
mrvijayakumar
Forum Commoner
Posts: 58
Joined: Tue Aug 18, 2009 12:39 am
Location: Chennai city, India
Contact:

Re: URL Vulnerabilities

Post by mrvijayakumar »

can u tell me clear? i will try to give some alter solution.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: URL Vulnerabilities

Post by jackpf »

If you use basename() then the current directory can only be used.
Post Reply