Christian Schneider wrote:
example: include "./foo/bar/index.php/../../../../../../etc/passwd";
This is a completely legal unix path as .. in / is / again. And from a security point of view I'd say the only thing you gain by disallowing this is that the number of .. in the path have to be guessed (pretty easily) by the attacker.
This is no legal unix path, because index.php is a file and not a directory.
And to understand the security impact:
include "./foo/bar/template_".$userinput;
By setting $userinput to "validtemplate.php/../../../../etc/passwd" you get to the /etc/passwd file, altough the path is completely illegal.
Stefan
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
