Page 3 of 4

Posted: Fri Jun 29, 2007 11:02 pm
by Ambush Commander
Use local paths. If you do http, it'll attempt to access it over the network, and Apache will say "DENY!"

Posted: Fri Jun 29, 2007 11:33 pm
by JellyFish
I changed my code to this:

Code: Select all

header("Content-type: video/x-flv");
		
$stream = fopen("/home/content/html/chart-room/videos/".$_GET['filename'], "r");
		
echo fgets($stream);
It still doesn't appear to work. Am I outputting the file right?

How would you do it?

Posted: Fri Jun 29, 2007 11:52 pm
by feyd
Unless the file is small, a single fgets() won't be enough to finish the file...

Posted: Fri Jun 29, 2007 11:57 pm
by JellyFish
feyd wrote:Unless the file is small, a single fgets() won't be enough to finish the file...
What would then?

Posted: Sat Jun 30, 2007 5:50 am
by Weirdan
a loop with fgets inside. Or fread (since you're reading binary file).

Posted: Sun Jul 01, 2007 1:33 am
by JellyFish

Code: Select all

header("Content-type: video/x-flv");
		
$stream = fopen("/home/content/html/".$_GET['filename'], "rb");

fpassthru($stream);
This seems to work. Although is this a good way to do it? I think it might be making the video player act funky.

EDIT: Apparently there's many way's to output a file. file(), fread(), file_get_contents(), etc. But which is best? Which would make my php file act exactly like the video file that it outputs?

Posted: Sun Jul 01, 2007 6:17 am
by superdezign
There are different methods because they do different things. Try them.

Posted: Sun Jul 01, 2007 8:46 am
by Ambush Commander
Be careful. What if someone passes "../../../ect/passwd"?

Posted: Sun Jul 01, 2007 4:48 pm
by JellyFish
Ambush Commander wrote:Be careful. What if someone passes "../../../ect/passwd"?
What would they pass?

Posted: Sun Jul 01, 2007 5:30 pm
by superdezign
JellyFish wrote:
Ambush Commander wrote:Be careful. What if someone passes "../../../ect/passwd"?
What would they pass?
The real question is: Why wouldn't they? Some programmers make stupid mistakes. Some hackers exploit stupid mistakes. ;)

Posted: Sun Jul 01, 2007 5:43 pm
by JellyFish
superdezign wrote:
JellyFish wrote:
Ambush Commander wrote:Be careful. What if someone passes "../../../ect/passwd"?
What would they pass?
The real question is: Why wouldn't they? Some programmers make stupid mistakes. Some hackers exploit stupid mistakes. ;)
My question wasn't "why would they pass that" my question is what is it that they would pass, "../../../ect/passwd" isn't really clear to me. Give me more of an example of what your saying by saying "../../../ect/passwd". :)

Posted: Sun Jul 01, 2007 5:47 pm
by John Cartwright
?filename=../../../ect/passwd

Posted: Mon Jul 02, 2007 3:34 pm
by JellyFish
Jcart wrote:?filename=../../../ect/passwd
What would that do?

Posted: Mon Jul 02, 2007 3:38 pm
by Ambush Commander
It's a contrived example, because usually PHP scripts do not have root rights, but what it would essentially do is output the contents of the Unix password file; consequently the data could be used to crack the shell passwords, etc.

In general, not checking that $filename == basename($filename) means that a user can break out of the directory and read an arbitrary file on your server.

Posted: Mon Jul 02, 2007 3:49 pm
by JellyFish
Ambush Commander wrote:It's a contrived example, because usually PHP scripts do not have root rights, but what it would essentially do is output the contents of the Unix password file; consequently the data could be used to crack the shell passwords, etc.
What are root rights, and what is the Unix password file? What is "Cracking the shell passwords"?
Ambush Commander wrote: In general, not checking that $filename == basename($filename) means that a user can break out of the directory and read an arbitrary file on your server.
Break out of which directory, what's an arbitrary file on my server?

I'm being specific on which things I don't know, I have a lot to learn (of which I like learning). :)