Dirk: Added category

2008-03-07T13:13:05Z

Added category

THEMike at 21:20, 11 March 2006

2006-03-11T21:20:32Z

New page

== Beware of Relative Paths ==

Plugins designed to work with files stored on the system are likely to suffer from security issues if they do not take great care to deal with the paths in question.

For example, suppose your plugin prompts a user to pick a file from a list, then passes that filename through to display (log file browser?):

<pre>
<?php

$filename = $_POST['filename'];
readfile( $_CONF['path_system'] . '/plugins/myexploitablefileplugin/files/' . $filename );
?>
</pre>

This is very vulnerable. A malicious user could inject ../../../../../etc/passwd for example, or any other file you wouldn't want to make public. Suppose you use this method to include a theme.php file with an include call? Then a user could inject anything they've managed to drop into your error.log file!

← Older revision		Revision as of 13:13, 7 March 2008
Line 14:		Line 14:

	This is very vulnerable. A malicious user could inject ../../../../../etc/passwd for example, or any other file you wouldn't want to make public. Suppose you use this method to include a theme.php file with an include call? Then a user could inject anything they've managed to drop into your error.log file!		This is very vulnerable. A malicious user could inject ../../../../../etc/passwd for example, or any other file you wouldn't want to make public. Suppose you use this method to include a theme.php file with an include call? Then a user could inject anything they've managed to drop into your error.log file!
		+
		+
		+	[[Category:Development]]

File Paths - Revision history

Dirk: Added category

THEMike at 21:20, 11 March 2006