Posted: Fri Jun 29, 2007 11:02 pm
Use local paths. If you do http, it'll attempt to access it over the network, and Apache will say "DENY!"
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code:
    <?php
    header("Content-type: video/x-flv");
    // The user-supplied name is appended to the directory path as-is
    $stream = fopen("/home/content/html/chart-room/videos/".$_GET['filename'], "r");
    echo fgets($stream);   // fgets() returns a single line, not the whole file
    fclose($stream);
feyd wrote:
> Unless the file is small, a single fgets() won't be enough to finish the file...

What then?
Code:
    <?php
    header("Content-type: video/x-flv");
    // The user-supplied name is still appended to the directory path as-is
    $stream = fopen("/home/content/html/".$_GET['filename'], "rb");
    fpassthru($stream);   // streams the rest of the file to the client
    fclose($stream);
Ambush Commander wrote:
> Be careful. What if someone passes "../../../etc/passwd"?

What would they pass?

JellyFish wrote:
> What would they pass?

The real question is: Why wouldn't they? Some programmers make stupid mistakes. Some hackers exploit stupid mistakes.

superdezign wrote:
> The real question is: Why wouldn't they? Some programmers make stupid mistakes. Some hackers exploit stupid mistakes.

My question wasn't "why would they pass that"; my question is what is it that they would pass. "../../../etc/passwd" isn't really clear to me. Give me more of an example of what you're saying by "../../../etc/passwd".

Jcart wrote:
> ?filename=../../../etc/passwd

What would that do?

Ambush Commander wrote:
> It's a contrived example, because usually PHP scripts do not have root rights, but what it would essentially do is output the contents of the Unix password file; consequently the data could be used to crack the shell passwords, etc.

What are root rights, and what is the Unix password file? What is "cracking the shell passwords"?

Ambush Commander wrote:
> In general, not checking that $filename == basename($filename) means that a user can break out of the directory and read an arbitrary file on your server.

Break out of which directory? What's an arbitrary file on my server?
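The following is an added example, not code posted by anyone in this thread. It shows a hardened version of the fpassthru() script above: the `basename()` check Ambush Commander describes, plus a `realpath()` containment check and an extension allowlist. The directory `$videoDir` and the `.flv`-only rule are assumptions for the example; adjust them to the real deployment.

```php
<?php
// Added example (not from the thread). Serves one video from a fixed
// directory and refuses any request whose name would leave that directory.
declare(strict_types=1);

$videoDir = '/home/content/html/chart-room/videos'; // assumed base directory

/**
 * Resolve a user-supplied file name to a path inside $baseDir, or return null.
 * A request such as ?filename=../../../etc/passwd is rejected at step 1,
 * because basename('../../../etc/passwd') is 'passwd', not the original string.
 */
function resolveVideoPath(string $baseDir, string $requested): ?string
{
    // 1. No directory components at all: rejects "../x", "a/b", "..", and
    //    embedded null bytes that could truncate the path in C-level calls.
    if ($requested === '' || $requested !== basename($requested)) {
        return null;
    }
    if ($requested === '.' || $requested === '..' || strpos($requested, "\0") !== false) {
        return null;
    }
    // 2. Allowlist the name shape and extension (assumption: only .flv is served).
    if (!preg_match('/^[A-Za-z0-9._-]+\.flv$/', $requested)) {
        return null;
    }
    // 3. Canonicalise and confirm the result is still under $baseDir. This also
    //    catches a symlink inside the directory that points somewhere else.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null;
    }
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

$path = resolveVideoPath($videoDir, (string)($_GET['filename'] ?? ''));
if ($path === null) {
    http_response_code(404);   // say nothing about why; do not echo the name back
    exit('Not found');
}

header('Content-Type: video/x-flv');
header('Content-Length: ' . filesize($path));
$stream = fopen($path, 'rb');
if ($stream === false) {
    http_response_code(500);
    exit;
}
fpassthru($stream);           // streams the whole file, unlike a single fgets()
fclose($stream);
```

The `basename()` comparison alone would already stop the `../../../etc/passwd` request from the thread; the `realpath()` step is there so that a stray symlink or an unexpected filesystem layout cannot quietly widen what the script will serve.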