php file injection

• Previous message: Ron DuFresne: "RE: wireless woes in the triangle and beyond!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 Hi,

 Fast silly question: let's suppose a .php where you have:
- a variable $template, which could be set up by an attacker
-the script creates a new variable adding a file-extension:
 $file = $ template + ".txt"
- finally it does a open($file).

 Well, it is quite evident that an attacker could easily read any .txt
file on the system. But, would it be possible for an attacker to read
*any* file (with *any* extension)? (for instance, /etc/passwd).

 In perl there are some tricks like %00 that could help us to get rid
of the file extension, but I don't know of any similar trick in .php.

 Regards,
 --Roman

• Next message: Moser Max: "More detailed Mac list splitting on wireless access-points"
• Previous message: Ron DuFresne: "RE: wireless woes in the triangle and beyond!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 31 2002 - 08:45:00 PDT