Menu
My friend found a problem in my script, it gives acces to root files.
This url gives passwd file:
http://site.com/attachment.php?file=../../../../../../etc/passwd
How to escape this security hole?
831
PHP is as secure as any other major language. PHP is as secure as any major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security. If we do a comparison PHP is evenly secured.
PHP is the most commonly used web application framework and the level of security it provides is often debated. However, what is factual is that it has no default security mechanism.
Your document root is configured in Apache (assuming you use PHP through Apache httpd server here). Look in your httpd. conf file, you will find directive DocumentRoot , which will show you what directory it uses. It will most probably be something like .../htdocs or .../www or .../html .
Dont download the files using URL String.... Define unique IDs to denote a file, rather than paths.
You might have seen downloads like this http://www.mysite.com/download.php?id=23423 what they do, use this id, to take out the file name and path from the db and then download it.
141
There are several different solutions. If there can be only a filename, a basename() solution would work.
However, if it can be path, a more complex solution is needed
//assume current directory, but can be set anything. Absolute path of course
$basedir = dirname(__FILE__);
//assume our files are below document root.
//Otherwise use it's root dir instead of DOCUMENT_ROOT
$filename = realpath($_SERVER['DOCUMENT_ROOT'].$_GET['file']);
if (substr($filename,0,strlen($basedir)) !== $basedir) {
header ("HTTP/1.0 403 Forbidden");
exit;
}
there is also a useful PHP configuration option open_basedir
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
