Ruslan Sivak wrote on Wed, 30 Apr 2008 10:29:25 -0400:
> And inside index.php it does something like
>
> <? include($_GET['page'].".php") ?>
>
> This is a gross simplification, but it's my understanding that if the
> file was named 'foo.php' and someone typed in
>
> http://www.domain.com/index.php?action=Foo
did you mean page=Foo ?
I hope that was really just an example. If you take that input unchecked
and include other files with it your security is non-existant.
>
> It would still work on windows, but not on linux because of case
> sensitivity.
Simple: downcase all variable input that you need for further processing.
If it's not external input, but your application simply does not
differentiate between cases and sometimes includes "Somepage.php" and
sometimes" somepage.php" that is really bad programming and it's also
easily solved by a find/replace. Nothing big.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
