Message-ID: <401EBBE4.9030200@nospam.wafel.org>
From: full-disclosure at nospam.wafel.org (Jorrit Kronjee)
Subject: file_exists() bypassing , critical problem
Nourredine Himeur wrote:
>>But all bugs aren't a vulnerability.
>
>
> I don't think so; for me, all bugs ARE a vulnerability.
>
Your personal opinion doesn't matter, facts do.
>
> translation:
> Lire une source HTML = Read an HTML source
>
> source.php:
> -------------------------------------------------------------------
> $contenu = file( $url );
>
> while ( list( $numero_ligne, $ligne ) = each( $contenu ) )
> {
> echo "<B>Ligne $numero_ligne:</B> ".htmlspecialchars( $ligne ) .
> "<br>";
> }
> -------------------------------------------------------------------
> With the function file() I show the HTML source.
>
> But you don't want a visitor to see the local source of your own file, because if
> file() opens a local PHP file it sees the PHP source.
>
> If you used file_exists() to protect your own page, a malicious visitor can
> use the vulnerability of this function to see the PHP source of your own
> page.php !!!
>
It's just the same for not properly escaping single quotes in dynamic
SQL statements; a vulnerability caused by bad scripting.
I think your only goal here is slandering the PHP folks. Your example is
just as badly programmed as the previous examples, not to mention the
fact your example doesn't use file_exists and if it would, how would
file_exists() protect you from reading PHP documents?
Jorrit
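
Added example, not part of the original thread or of anyone's posted code: a hardened form of the quoted source.php loop that validates the input before it reaches file(), since file_exists() only reports whether a path exists and is not an access control. The function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, inputs are constructed.

// Return $url if a "view HTML source" script may pass it to file(), else null.
function remote_source_url(string $url): ?string
{
    // Refuse empty input and control characters (including NUL) outright.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    // A bare path such as "page.php" has no scheme or host: it is a local file.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allowlist remote web schemes only; every other stream wrapper is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Hardened form of the loop from source.php.
function show_source(string $url): string
{
    $safe = remote_source_url($url);
    if ($safe === null) {
        return "Refused: not a remote http(s) URL\n";
    }
    $lines = @file($safe);
    if ($lines === false) {
        return "Fetch failed\n";
    }
    $out = '';
    foreach ($lines as $n => $line) {
        $out .= "<b>Line $n:</b> " . htmlspecialchars($line) . "<br>\n";
    }
    return $out;
}

// Constructed inputs: three local references and one remote URL.
$samples = ['page.php', './page.php', 'file:///var/www/page.php', 'http://example.org/'];
foreach ($samples as $s) {
    printf("%-28s %s\n", $s, remote_source_url($s) === null ? 'refused' : 'allowed');
}
```

The check decides only which kind of resource file() may open; it does not restrict which remote hosts the script will fetch, which is a separate control.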