[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: m.esco at wp.pl (m.esco@...pl)
Subject: file_exists() bypassing , critical problem ?
> It's a very critical bug because a malicious user can use it to bypassing
> the file_exist() protection on a include() script for example.
I don't think that is critical problem. It is rather bad-programmers
problem. There are various methods for securing file_exists() like e.g.
<?php
// allowing files only from directory /test
$sFileName = $_GET['page'];
// is file name equals XXXXX.XXX pattern
if(preg_match("|[\w\-]+\.[\w]+|i",$sFileName))
{
// check if file exists
if(file_exists("./test/".$sFileName))
{
// open file and stuff
} else
{
// sorry
}
} else
{
// mail the webmaster that someone has tampered the url's
}
?>
That is just one of the sollutions, far from the best one.
There is an article about this here:
http://www.zend.com/zend/art/art-oertli.php
Powered by blists - more mailing lists