
Re: [Full-Disclosure] file_exists() bypassing , critical problem ?



Nourredine Himeur wrote:

But all bugs aren't a vulnerability.


I don't think so; for me, all bugs ARE a vulnerability.

Your personal opinion doesn't matter, facts do.


Translation: Lire une source HTML = Read an HTML source

source.php:
-------------------------------------------------------------------
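    // $url is used exactly as supplied; nothing restricts it to remote URLs
    $contenu = file( $url );

    // foreach replaces list()/each(), which was removed in PHP 8
    foreach ( $contenu as $numero_ligne => $ligne )
    {
        echo "<B>Ligne $numero_ligne:</B> " . htmlspecialchars( $ligne ) . "<br>";
    }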
-------------------------------------------------------------------
With the function file() I show the HTML source.

But you don't want a visitor to see the local source of your own file, because if
file() opens a local PHP file it sees the PHP source.

If you used file_exists() to protect your own page, a malicious visitor can
use the vulnerability of this function to see the PHP source of your own
page.php!!!


It's just the same for not properly escaping single quotes in dynamic SQL statements; a vulnerability caused by bad scripting.


I think your only goal here is slandering the PHP folks. Your example is just as badly programmed as the previous examples, not to mention the fact your example doesn't use file_exists and if it would, how would file_exists() protect you from reading PHP documents?

Jorrit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
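
As an added illustration (not code from either poster), here is a variant of the quoted source.php that accepts only http/https URLs, so a local path such as page.php never reaches file(). The helper names is_remote_http_url() and show_html_source() and the sample inputs are hypothetical; fetching real URLs assumes allow_url_fopen is enabled.

```php
<?php
// Added example: hardened variant of the source.php viewer quoted above.
// is_remote_http_url() and show_html_source() are hypothetical helper names.

function is_remote_http_url($url)
{
    if (!is_string($url) || $url === '') {
        return false;
    }
    $parts = parse_url($url);
    // Bare paths ("page.php", "../page.php") have neither scheme nor host.
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Allow-list: only http and https. file://, ftp:// and other wrappers are refused.
    return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
}

function show_html_source($url)
{
    // The decision is made on the URL itself; file_exists() plays no part in it.
    if (!is_remote_http_url($url)) {
        return "Refused: only http(s) URLs are accepted.<br>";
    }
    $contenu = @file($url);
    if ($contenu === false) {
        return "Could not read the requested URL.<br>";
    }
    $out = '';
    foreach ($contenu as $numero_ligne => $ligne) {
        $out .= "<B>Ligne $numero_ligne:</B> " . htmlspecialchars($ligne) . "<br>";
    }
    return $out;
}

// Constructed sample inputs: every one is rejected before file() is called,
// so this demonstration runs without network access.
$samples = array('page.php', '../page.php', '/var/www/page.php',
                 'file:///var/www/page.php', 'ftp://example.com/page.php');
foreach ($samples as $sample) {
    echo htmlspecialchars($sample) . ' => ' . show_html_source($sample) . "\n";
}
```

The scheme check stops local file reads; it does not limit which hosts the server will fetch from.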