preg_replace with $_GET ..

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


Devil-00
Forum Newbie
Posts: 1
Joined: Mon Jul 23, 2007 4:47 am


Post by Devil-00 »

Peace,

First, sorry for my poor English :D, but I hope you understand me.

Code:

$file = $_GET['file'];
$file = preg_replace("/\.\./", '', $file); // strip every ".." from the request value
This is the code I am testing, and when the link is like this:

Code:

/test.php?file={${phpinfo()}}
... everything is okay.

But when I change the source code to:

Code:

//$file = $_GET['file'];
$file = "{${phpinfo()}}"; // double-quoted literal: PHP evaluates the ${} expression
$file = preg_replace("/\.\./", '', $file);
I can see the phpinfo for my own localhost.

So, if I use the first code, is there any danger from hackers?
Last edited by Devil-00 on Tue Jul 24, 2007 5:21 am, edited 1 time in total.
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

Code:

$file = '{${phpinfo()}}'; // single quotes: no variable or expression parsing
Otherwise the ${} is evaluated.
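The three situations in this thread side by side, as an added example (not code from the thread): a local function probe() stands in for phpinfo() so the effect is easy to count, and the assignment to $_GET simulates the request from the first post.

```php
<?php
// Added example, not part of the original thread. probe() stands in for
// phpinfo(): it counts how often it was called and returns a variable name.

$calls = 0;
$dummy = 'expanded';

function probe(): string
{
    global $calls;
    $calls++;
    return 'dummy';      // "{${probe()}}" then expands to $dummy
}

function stripDotDot(string $file): string
{
    // the filter from the original post
    return preg_replace('/\.\./', '', $file);
}

// Case 1: the payload arrives as request data. Simulated by writing to
// $_GET directly, as if the URL were /test.php?file={${probe()}}
$_GET['file'] = '{${probe()}}';
$file = stripDotDot($_GET['file']);
printf("from \$_GET:    %-14s probe() calls: %d\n", $file, $calls);

// Case 2: the same text written as a double-quoted literal in the source.
// PHP parses {${...}} here, so probe() runs before preg_replace sees anything.
$file = stripDotDot("{${probe()}}");
printf("double-quoted: %-14s probe() calls: %d\n", $file, $calls);

// Case 3: single-quoted literal, as suggested in the reply above: no parsing.
$file = stripDotDot('{${probe()}}');
printf("single-quoted: %-14s probe() calls: %d\n", $file, $calls);
```

Run it from the command line: probe() is called exactly once, in case 2, where the text is part of the PHP source. Request data is only ever a string value, so the braces and dollar signs in case 1 reach preg_replace untouched and nothing is executed.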
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Any danger from hackers? Yes. Actually, you've even got "danger" from people who are just bad at re-typing URLs that they've seen. Hopefully, you are doing more validation of the GET variable than that.
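What "more validation" can look like, as an added example that is not from the thread: the ".." stripping filter from the first post is run next to an allowlist check with realpath() confinement over a few constructed inputs. The temporary directory, the file name home.php and the sample inputs are made up for the demonstration.

```php
<?php
// Added example, not part of the original thread. Compares the ".."
// stripping filter from the first post with an allowlist check plus
// realpath() confinement. The directory and file names are made up.

function stripDotDot(string $file): string
{
    return preg_replace('/\.\./', '', $file);
}

// Accept only a plain "name.php" that really exists inside $baseDir and
// return its resolved path, or null for anything else.
function resolveSafe(string $baseDir, string $file): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $file)) {
        return null;                       // not a simple file name
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $path === false) {
        return null;                       // base missing or file missing
    }
    // The resolved path must still sit under the base directory (guards
    // against a symlink inside $baseDir pointing elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed fixture: a temporary directory holding one includable page.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . getmypid();
if (!is_dir($baseDir)) {
    mkdir($baseDir, 0700);
}
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';\n");

// Constructed inputs, including the one from the original post.
$inputs = [
    'home.php',
    '../home.php',
    '....//home.php',
    '/somewhere/else.php',
    '{${phpinfo()}}',
];
foreach ($inputs as $in) {
    printf("%-24s strip '..' -> %-20s allowlist -> %s\n",
        var_export($in, true),
        var_export(stripDotDot($in), true),
        resolveSafe($baseDir, $in) ?? 'rejected');
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($baseDir);
```

The left column shows what preg_replace leaves behind: it removes the dots but passes an absolute path through untouched and turns '....//home.php' into '//home.php'. The allowlist only ever returns a path for the one file that exists under the base directory and rejects everything else, including the {${phpinfo()}} string, which is harmless as data but is not a file name.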