<GEEK>Hacked some PHP yesterday, the guys who had built the news papers site though that dynamic includes was really nifty... yup, so they used it heavily to include templates... but never though "security", it was wide open for dot-dot-slash hack. It was possible to fetch the contents of /etc/passwd ... I plugged it with a regexp hack that stripped off dot-dot-slash and everything before a slash and the slash... but also checks the existence of the desired file, in a predetermined directory... I think that would successfully plug that hole. Another 20 minute hack.</GEEK>
- Mood:
tired
<GEEK>Hacked some PHP yesterday, the guys who had built the news papers site though that dynamic includes was really nifty... yup, so they used it heavily to include templates... but never though "security", it was wide open for dot-dot-slash hack. It was possible to fetch the contents of /etc/passwd ... I plugged it with a regexp hack that stripped off dot-dot-slash and everything before a slash and the slash... but also checks the existence of the desired file, in a predetermined directory... I think that would successfully plug that hole. Another 20 minute hack.</GEEK>
- Post a new comment
- 0 comments
- Post a new comment
- 0 comments
