Michelle Konzack wrote:
Hello Nitsan and Andrew,
Am 2008-06-16 13:20:14, schrieb Andrew Ballard:
On Mon, Jun 16, 2008 at 1:01 PM, Nitsan Bin-Nun <nitsanbn@xxxxxxxxx> wrote:
I think you can handle this with 2 pages, the first is checking whether the
user is permitted to upload or not and if so passing him to the upload form
with a simple (bool) $_SESSION variable which indicates his permissions.
If you will try to access the second page and the $_SESS variable won't
exist it will throw you back to page 1 to validate your permissions.
Am I missing something? (its pretty simple..)
HTH
Yes, it's missing something. There is nothing in this approach to
prevent the remote client from attempting to access the second page
directly. Even if they do not have the valid $_SESSION variable set,
the server will still receive the entire uploaded content before
passing control to the PHP script to validate permissions. In a DoS
attack, the attacker doesn't care whether the request is actually
allowed; only that resources were consumed in handling the request.
It's still the "chicken and egg" problem already described in this
thread.
OK I was thinking about it but IF a $UPLOADER go to
http://domain/index.php
and then click the link
http://domain/mirror_admin.php
which set a cookie and then the $UPLOADER must click a link where he/she
get the page
http://domain/mirror_upload.php
before the page is displayed, PHP could check the cookie right?
If the cookie is valid, it show the Form, if not the potential Uploader
get a long nose.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
That is fine, but I can upload a file to any php script.
I don't need to use your form to do so, I an just use my own form and post data
directly to the script.
If anybody remembers, this was an exploit that was found in the 4.0.6 code back
in the day.
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php