logtide

Reputation: 43

PHP URL manipulation security issue

We all know that ".." can be used to access lower levels of the file structure when used in $_GET["filename"] with

require("/folderwithtrustedfiles/" . $_GET["filename"]);

My question is: If all files within folderwithtrustedfiles are trusted and OK for require, can this be considered secure, or is there any other trick other than .. to include files from other folders?

// Proposed check: reject any filename that contains ".." before including it
if(strpos($_GET["filename"], "..") === false)
    require("/folderwithtrustedfiles/" . $_GET["filename"]);

Upvotes: 1

Views: 147

Answers (1)

hek2mgl

Reputation: 157927

You can type the following URL:

 http://yourserver.com/index.php?file=../config/db

I would enforce the base path using realpath(). Like this:

 // Build the path, then resolve "..", "." and symlinks with realpath()
 $filename = __DIR__ . '/content/' . $_GET['file'];
 // The resolved path must start with the trusted directory (trailing slash included)
 if(strpos(realpath($filename), __DIR__ . '/content/') !== 0) {
     die('bad path');
 }
 require $filename;

Upvotes: 1
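The realpath() approach above, worked through as an added example (this is not code from the question or the answer): resolveTrustedFile() is a hypothetical helper that canonicalises both the trusted directory and the requested file, handles the false that realpath() returns for non-existent paths, and compares the prefix with the trailing directory separator included, so a sibling directory whose name merely starts with the trusted directory's name (content2 beside content) is not accepted. The fixture directory and files it creates under the system temp directory are constructed for the demonstration.

```php
<?php
// Added example, not code from the question or the answer.
// Returns the canonical path of the requested file if it lies inside $baseDir,
// or null when the request must be rejected.
function resolveTrustedFile(string $baseDir, string $requested): ?string
{
    // Canonicalise the base directory too, so a symlinked or relative base
    // compares correctly against the canonical file path.
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // trusted directory does not exist
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() returns false for paths that do not exist; checking that
    // explicitly is clearer than relying on strpos() coercing false to "".
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return null; // file missing, or traversal led somewhere unreadable
    }

    // Prefix check with the trailing separator kept in $base: without it,
    // ".../content2/secret.php" would "start with" ".../content" and pass.
    if (strncmp($target, $base, strlen($base)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed fixture: a trusted dir with one file, a sibling dir, and a file one level up.
$root = sys_get_temp_dir() . '/trusted-include-' . bin2hex(random_bytes(4));
mkdir("$root/content", 0700, true);
mkdir("$root/content2", 0700);
file_put_contents("$root/content/page.php", "<?php return 'trusted page';\n");
file_put_contents("$root/content2/secret.php", "<?php return 'should not load';\n");
file_put_contents("$root/db.php", "<?php return 'should not load';\n");

// Constructed requests, as they would arrive in $_GET['file'].
$cases = [
    'page.php',                 // plain trusted file: allowed
    '../db.php',                // the traversal shown in the answer: rejected
    './../content2/secret.php', // sibling directory via traversal: rejected
    '../content2/secret.php',   // passes a prefix check that lacks the trailing slash: rejected here
    'missing.php',              // realpath() yields false: rejected cleanly
];

foreach ($cases as $req) {
    $path = resolveTrustedFile("$root/content", $req);
    if ($path === null) {
        echo str_pad($req, 28) . " -> rejected\n";
    } else {
        echo str_pad($req, 28) . " -> included: " . (require $path) . "\n";
    }
}

// Remove the fixture again.
unlink("$root/content/page.php");
unlink("$root/content2/secret.php");
unlink("$root/db.php");
rmdir("$root/content");
rmdir("$root/content2");
rmdir($root);
```

Run it with the PHP CLI; only page.php is included, every other request is rejected. Because the decision is made on the canonical path rather than on the presence of ".." in the input, it does not depend on enumerating traversal spellings, which is the question's concern.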
