[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: lostnoobs at security-challenge.com (Nourredine Himeur)
Subject: file_exists() bypassing , critical problem ?
>But all bugs aren't a vulnerability.
I don't thinks , for me , all bugs ARE a vulnerability.
You show only my example but imagine you want to verifie if do this :
http://www.security-challenge.com/123456/outils/source.php
traduct:
Lire une source HTML = Read a HTML source
source.php:
-------------------------------------------------------------------
$contenu = file( $url );
while ( list( $numero_ligne, $ligne ) = each( $contenu ) )
{
echo "<B>Ligne $numero_ligne:</B> ".htmlspecialchars( $ligne ) .
"<br>";
}
-------------------------------------------------------------------
with function file() I show the HTML source
But you don't want ,visitor see the local source of your own file because if
file() open a local file PHP it see the PHP source.
If you used file_exists() to protect your own page , a malicious visitor can
use the vulnerability of this function to see the source php of your own
page.php !!!
You talk only about my example , it's stupid . Every bug are a vulnerability
in informatik.( If a function don't work as good you can exploit it)
You've gone say : "Your code is vulnerable"
For finish with this subject I 'm gone to say (same as securityfocus) :
"Prevent is better to cure"
Nourredine Himeur
www.security-challenge.com
If I had been prevented I shall not have been pirated ...
Powered by blists - more mailing lists