Forbidding access to a directory.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
I changed my code to this:
It still doesn't appear to work. Am I outputting the file right?
How would you do it?
Code:
<?php
header("Content-type: video/x-flv");
// Opens whatever file name arrives in the URL parameter (no validation, as posted)
$stream = fopen("/home/content/html/chart-room/videos/".$_GET['filename'], "r");
// fgets() returns a single line, so only the bytes up to the first newline are sent
echo fgets($stream);
How would you do it?
Code:
<?php
header("Content-type: video/x-flv");
// "rb": binary mode, so no newline translation happens on Windows hosts
$stream = fopen("/home/content/html/".$_GET['filename'], "rb");
// Copies the rest of the open file straight to the output, unlike a single fgets()
fpassthru($stream);
EDIT: Apparently there are many ways to output a file: file(), fread(), file_get_contents(), etc. But which is best? Which would make my PHP file act exactly like the video file that it outputs?
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Ambush Commander wrote: Be careful. What if someone passes "../../../etc/passwd"?
JellyFish wrote: What would they pass?
superdezign wrote: The real question is: Why wouldn't they? Some programmers make stupid mistakes. Some hackers exploit stupid mistakes.
My question wasn't "why would they pass that"; my question is what is it that they would pass. "../../../etc/passwd" isn't really clear to me. Give me more of an example of what you're saying by saying "../../../etc/passwd".
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
It's a contrived example, because usually PHP scripts do not have root rights, but what it would essentially do is output the contents of the Unix password file; consequently the data could be used to crack the shell passwords, etc.
In general, not checking that $filename == basename($filename) means that a user can break out of the directory and read an arbitrary file on your server.
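The check described above (refusing any request where $filename != basename($filename)) together with the earlier "which function should output the file" question, as an added example that is not code from this thread or from any of its posters. It serves a video only when the requested name is a plain file name that resolves to a real file inside one fixed directory, and it uses readfile() so the whole file is sent rather than the first line. The directory path, the .flv-only rule and the function names are assumptions chosen for illustration.

```php
<?php
// Added example, not the thread's own code. Directory, extension rule and
// function names are assumptions.

/**
 * Return the absolute path of $name inside $dir, or null when the request
 * names anything other than an existing plain file in that directory.
 */
function resolve_video_path(string $dir, string $name): ?string
{
    // 1. A request may only name a file, never a path: "a.flv" passes,
    //    "../a.flv" and "sub/a.flv" fail the basename() comparison.
    if ($name === '' || $name !== basename($name)) {
        return null;
    }
    // 2. Allow only a conservative character set and the expected extension.
    if (!preg_match('/^[A-Za-z0-9_-]+\.flv$/', $name)) {
        return null;
    }
    // 3. Resolve symlinks, "." and ".." on both sides, then re-check that the
    //    result still starts with the video directory.
    $base = realpath($dir);
    $full = realpath($dir . '/' . $name);
    if ($base === false || $full === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

/** Send the file to the client, or a generic 404 for anything rejected. */
function serve_video(string $dir, string $name): void
{
    $path = resolve_video_path($dir, $name);
    if ($path === null) {
        // Same answer for "missing" and "not allowed": no hint about the file system.
        http_response_code(404);
        header('Content-Type: text/plain');
        echo "Not found\n";
        return;
    }
    header('Content-Type: video/x-flv');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: inline; filename="' . basename($path) . '"');
    readfile($path);   // streams the entire file; no fgets() truncation
}

if (PHP_SAPI === 'cli') {
    // Self-check against a constructed temporary directory, not the real videos folder.
    $dir = sys_get_temp_dir() . '/videos_' . uniqid();
    mkdir($dir);
    file_put_contents($dir . '/intro.flv', "FLV\x01");   // constructed sample file

    $checks = [                       // name => should it be served?
        'intro.flv'           => true,
        '../intro.flv'        => false,
        '../../../etc/passwd' => false,
        'sub/intro.flv'       => false,
        'missing.flv'         => false,
        'intro.flv.php'       => false,
    ];
    foreach ($checks as $name => $expected) {
        $served = resolve_video_path($dir, $name) !== null;
        printf("%-22s %s\n", $name, $served === $expected ? 'ok' : 'FAIL');
    }

    unlink($dir . '/intro.flv');
    rmdir($dir);
} else {
    // Web entry point: the directory is an assumed location.
    serve_video('/home/content/html/chart-room/videos', $_GET['filename'] ?? '');
}
```

On the "which function" question: readfile() (or fpassthru() on an already-open handle) copies the file to the output in chunks, which is what makes the script behave like the video itself; file_get_contents() loads the whole file into memory first, and fgets() stops at the first newline, which is why the posted version appeared not to work. Run from the command line the script prints one "ok" per check; the three-step validation is deliberately redundant, since the basename() test alone would already reject every traversal attempt, while the realpath() comparison also catches symlinks pointing outside the directory.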
Ambush Commander wrote: It's a contrived example, because usually PHP scripts do not have root rights, but what it would essentially do is output the contents of the Unix password file; consequently the data could be used to crack the shell passwords, etc.
What are root rights, and what is the Unix password file? What is "cracking the shell passwords"?
Ambush Commander wrote: In general, not checking that $filename == basename($filename) means that a user can break out of the directory and read an arbitrary file on your server.
Break out of which directory? What's an arbitrary file on my server?
I'm being specific on which things I don't know, I have a lot to learn (of which I like learning).