[phplib-dev] security: READ THIS!
by giancarlo pinerolo
Jul 14 2001 8:26AM
Gosh
With regard to this paper, named PHP Security Paper (A Study in
Scarlet)...
http://www.securereality.com.au/studyinscarlet.txt
I always thought _PHPLIB was a defined constant; now I realize it is an
array.
Try this script please, which can override the $_PHPLIB[libdir] value.
In the third input field, which overrides _PHPLIB[libdir], type '/tmp/',
and it will include a file named 'test' there.
Giancarlo
............
<?php
// Demo script: requires register_globals=on (PHP 4 default at the time).
// With it on, form fields named like arrays (HTTP_GET_VARS[mytest],
// _PHPLIB[libdir]) are registered as those global PHP arrays.
if (empty($HTTP_POST_VARS['step2']))
{
?>
<form action="<?php echo $PHP_SELF ?>" method="post">
$HTTP_GET_VARS[mytest] var:<br>
<input type="text" name="HTTP_GET_VARS[mytest]" value="1">
<br>
the variable $mytest2 var:<br>
<input type="text" name="mytest2" value="2">
<br> $_PHPLIB[libdir] var <br>
(trailing slash required, will include a file named 'test' there)<br>
<input type="text" name="_PHPLIB[libdir]" value="1">
<input type="submit" name="step2" value="go">
</form>
<?php
}
else
{
    echo "the HTTP_GET_VARS[mytest] --> " . $HTTP_GET_VARS["mytest"] . "<br>";
    echo "the variable mytest2 --> " . $HTTP_POST_VARS["mytest2"] . "<br>";
    echo "_PHPLIB[libdir] --> " . $HTTP_POST_VARS["_PHPLIB"]["libdir"] . "<br>";
    echo "including the file 'test' in the submitted _PHPLIB[libdir] directory<br> ";
    // $_PHPLIB was filled from the POST field by register_globals, so the
    // directory submitted by the client decides which file gets included.
    include ($_PHPLIB['libdir'] . "test");
}
?>
.......
File 'test' placed in /tmp/:
<?php
echo "<h1> CIAO</h1>";
?>
--
Unsubscribe by mail to: phplib-dev-unsubscribe@[...].de
Command list by mail to: phplib-dev-help@lists.netuse.de
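A hardened counterpart to the script in the post above, added here as an example (not code from the original post or from PHPLIB). It assumes PHP 4.1+ superglobals and a placeholder library path /usr/local/lib/phplib/; the fix is to reset $_PHPLIB unconditionally before use, so a request-supplied _PHPLIB[libdir] never reaches include(), and to confine the include to that directory.

```php
<?php
// Added example: defensive version of the libdir include.
// Placeholder path; substitute the real PHPLIB directory.
define('PHPLIB_DIR', '/usr/local/lib/phplib/');

// 1. Overwrite the configuration array *after* PHP has registered request
//    variables as globals. Whatever the client sent as _PHPLIB[libdir]
//    (or HTTP_GET_VARS[...]) is discarded here instead of being trusted.
$_PHPLIB = array();
$_PHPLIB['libdir'] = PHPLIB_DIR;

// 2. Resolve the include target and refuse anything outside libdir.
//    Returns the canonical path, or false if the file is missing or escapes
//    the directory (covers ../ sequences and symlinks via realpath()).
function phplib_safe_include_path($libdir, $file)
{
    $base = realpath($libdir);
    $full = realpath($libdir . $file);
    if ($base === false || $full === false) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $full;
}

// 3. Detection: a request that carries these names is trying to inject
//    globals, whether or not register_globals is on. Worth logging.
function phplib_override_attempted()
{
    foreach (array($_GET, $_POST, $_COOKIE) as $src) {
        if (isset($src['_PHPLIB']) || isset($src['HTTP_GET_VARS'])
            || isset($src['HTTP_POST_VARS'])) {
            return true;
        }
    }
    return false;
}

if (phplib_override_attempted()) {
    error_log('global override attempt from ' . $_SERVER['REMOTE_ADDR']);
}

$path = phplib_safe_include_path($_PHPLIB['libdir'], 'test');
if ($path === false) {
    die('refusing to include a file outside ' . PHPLIB_DIR);
}
include $path;
?>
```

Submitting '/tmp/' in the form from the post now has no effect on the include; the override attempt is recorded in the error log instead.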