[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] file_exists() bypassing , critical problem ?
- To: <nothing_null@hotmail.com>, <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] file_exists() bypassing , critical problem ?
- From: "Nourredine Himeur" <lostnoobs@security-challenge.com>
- Date: Mon, 2 Feb 2004 15:45:02 +0100
>But all bugs aren't a vulnerability.
I don't thinks , for me , all bugs ARE a vulnerability.
You show only my example but imagine you want to verifie if do this :
http://www.security-challenge.com/123456/outils/source.php
traduct:
Lire une source HTML = Read a HTML source
source.php:
-------------------------------------------------------------------
$contenu = file( $url );
while ( list( $numero_ligne, $ligne ) = each( $contenu ) )
{
echo "<B>Ligne $numero_ligne:</B> ".htmlspecialchars( $ligne ) .
"<br>";
}
-------------------------------------------------------------------
with function file() I show the HTML source
But you don't want ,visitor see the local source of your own file because if
file() open a local file PHP it see the PHP source.
If you used file_exists() to protect your own page , a malicious visitor can
use the vulnerability of this function to see the source php of your own
page.php !!!
You talk only about my example , it's stupid . Every bug are a vulnerability
in informatik.( If a function don't work as good you can exploit it)
You've gone say : "Your code is vulnerable"
For finish with this subject I 'm gone to say (same as securityfocus) :
"Prevent is better to cure"
Nourredine Himeur
www.security-challenge.com
If I had been prevented I shall not have been pirated ...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html