/ might be a correct path, not a hack attempt. Here's something that normalizes a
directory for a given path passed to it.
e.g. /index.txt
e.g. ../../../ will get parsed out, such as in
http://www.somesite.com?page=../../../../etc/passwd
Originally written for a directory browse script I use for a /pics directory
on www.shanghaiguide.com/pics.
I used to use realpath, but it started working differently on my box in the
4.0.6 release, so I wrote this:
function TruePath ($path){
    //Not really optimized but it does work. Walks the components with a
    //stack: "." is dropped, ".." pops the previous component (so runs such
    //as a/b/../../c collapse too), and ".." can never climb above the start.
    $absolute = (substr($path, 0, 1) == "/");
    $patharray = explode ("/", $path);
    $stack = array();
    $count = count($patharray);//Hoisted out of the loop, a minor bit faster.
    for ($i=0;$i<$count; $i++){
        if ($patharray[$i] == "" || $patharray[$i] == ".") {
            //Empty piece (doubled or trailing slash) or ".": ignore.
        }
        elseif ($patharray[$i] == "..") {
            //Drop the previous component, if there is one.
            array_pop($stack);
        }
        else {
            $stack[] = $patharray[$i];
        }
    }
    //Rejoin; the trailing slash is already gone.
    $path = ($absolute ? "/" : "") . implode("/", $stack);
    return ($path);
}
May or may not be useful for someone. I welcome an optimized one using a
regex; this was my non-regex attempt ;)
Cheers,
Lawrence.
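As an added example, not Lawrence's code nor anything from the list: stripping "." and ".." quietly turns ../../../../etc/passwd into etc/passwd and serves whatever that is under the script's directory. The safer pattern for a /pics browser is to join the request onto the base directory, normalize, and refuse anything that is no longer under that base, then confirm with realpath() so a symlink inside /pics cannot point out either. The base directory /var/www/pics and the request strings are assumptions for illustration.

```php
<?php
// Added example, not code from the list. Assumes the browse script serves
// files from $base = "/var/www/pics" and receives the request in $userpath.

// Pure string normalization: "." is dropped, ".." pops the previous component
// (so a/b/../../c collapses correctly) and can never climb above "/".
function normalize_path($path) {
    $absolute = (substr($path, 0, 1) === "/");
    $stack = array();
    foreach (explode("/", $path) as $part) {
        if ($part === "" || $part === ".") {
            continue;
        }
        if ($part === "..") {
            array_pop($stack);
            continue;
        }
        $stack[] = $part;
    }
    return ($absolute ? "/" : "") . implode("/", $stack);
}

// String-level check: join the request onto $base, normalize, and require
// the result to still start with "$base/". Returns the full path or false.
// Rejecting beats silently stripping the "..": the caller learns the request
// was hostile instead of quietly serving a different file.
function confine_to_base($base, $userpath) {
    if (strpos($userpath, "\0") !== false) {
        return false; // a NUL byte would truncate the name in C-level file calls
    }
    if (strpos($userpath, "\\") !== false) {
        return false; // on Windows "\" is also a separator; refuse it outright
    }
    $prefix = rtrim(normalize_path($base), "/") . "/";
    $target = normalize_path($base . "/" . $userpath);
    if (substr($target, 0, strlen($prefix)) !== $prefix) {
        return false;
    }
    return $target;
}

// Filesystem-level check on top: realpath() follows symlinks, so a link
// inside /pics that points at /etc cannot be used to walk out either.
// Returns the resolved path, or false if the file is missing or outside.
function resolve_in_base($base, $userpath) {
    $target = confine_to_base($base, $userpath);
    if ($target === false) {
        return false;
    }
    $real = realpath($target);
    $realbase = realpath($base);
    if ($real === false || $realbase === false) {
        return false;
    }
    $realprefix = rtrim($realbase, "/") . "/";
    if (substr($real, 0, strlen($realprefix)) !== $realprefix) {
        return false;
    }
    return $real;
}

// Constructed requests, checked at the string level (no files needed).
$base = "/var/www/pics";
$requests = array(
    "index.txt",
    "/index.txt",
    "sub/../cat.jpg",
    "../../../../etc/passwd",
    "a/b/../../../../etc/passwd",
);
foreach ($requests as $r) {
    $result = confine_to_base($base, $r);
    printf("%-30s -> %s\n", $r, $result === false ? "REJECT" : $result);
}
```

In the real browse script, call resolve_in_base() and only open the path it returns; confine_to_base() alone is enough to decide whether to log the request as an attack, which is the decision ReDucTor's snippet below makes with a bare check for "/".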
-----Original Message-----
From: ReDucTor [mailto:[EMAIL PROTECTED]]
Sent: August 17, 2001 1:42 PM
To: Bob; Rasmus Lerdorf
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] hacks we should know about
<?php
// $file is the requested file name (it arrived via register_globals in
// 2001; read it from the query string explicitly here).
$file = isset($_GET['file']) ? $_GET['file'] : '';
// ereg() is gone from current PHP; strpos() does the same test everywhere.
if(strpos($file, "/") !== false)
{
    // Prepend this attempt to the log, then keep the old entries.
    // Use a separate variable: the original overwrote $file with the log.
    $oldlog = file_exists("loggedips.txt") ? file("loggedips.txt") : array();
    $fp = fopen("loggedips.txt", "w");
    fwrite($fp, "\r\n".$_SERVER['REMOTE_ADDR']." to ".$file);
    for($i=0;$i<sizeof($oldlog);$i++)
        fwrite($fp, $oldlog[$i]);
    fclose($fp);
    die("Hack attempt...IP Logged");
}
else
    showsource($file); // the poster's own display routine, not shown
?>
----- Original Message -----
From: "Bob" <[EMAIL PROTECTED]>
To: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, August 17, 2001 2:17 PM
Subject: Re: [PHP] hacks we should know about
> Rasmus, if password.inc is being parsed by PHP then how would you get the
> code??? Won't it just be a blank page??? Oh, I thought up one more ...
>
> 4. Checking for HTML tags and PHP scripting when accepting data from text
> boxes
>
>
> Rasmus Lerdorf wrote:
>
> > > Hi, I found it very helpful to know about hacks such as the list below
> > > and was wondering if anyone had any more dumb mistakes they could tell
> > > us about before we make them.
> > >
> > > 1. http://www.somesite.com/source.php3?url=/etc/passwd
> > > 2. http://www.somesite.com?page=../../../../etc/passwd
> > > 3. not setting .inc files to be parsed by php
> >
> > This is the wrong solution to securing include files. The correct
> > solution is to block any direct access to .inc files by either putting
> > them outside your document root or by using an Apache deny rule.
> >
> > -Rasmus
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
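Rasmus's point about .inc files, as an added example that is not from the thread: whether or not PHP parses password.inc, the fix is to make the web server refuse to serve it at all. Both rules below are standard Apache syntax (the first for the 1.3 and 2.0/2.2 line current in 2001, the second for 2.4); they go in httpd.conf or a .htaccess for the document root.

```apache
# Apache 1.3 / 2.0 / 2.2: refuse any direct request for a .inc file
<Files ~ "\.inc$">
    Order allow,deny
    Deny from all
</Files>

# Apache 2.4 equivalent
<FilesMatch "\.inc$">
    Require all denied
</FilesMatch>
```

The rule only blocks the HTTP path; scripts still include the file from disk as before. Keeping the includes outside the document root, for example include('/var/www/includes/password.inc') with /var/www/includes an assumed directory, needs no server rule at all and survives a misconfigured vhost or a second server that does not read the .htaccess.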