[PHP] Re: How far out of practice am I? Look inside to find out!

On 28.04.2016 at 17:38, Jason Pruim wrote:

> $position = htmlentities($_POST["selPosition"], ENT_QUOTES);
>
> echo "/includes/".$position.".inc";
> 
> So the file exists in /includes/LES.inc and it populates it properly. I've
> tried echo, I've tried include"/includes/".$position.".inc"; and I can't
> figure out what I'm missing...

As Stuart already said: you have to use a valid path (./includes/...
would do).

Anyway, the bigger problem is that the code appears to have a file
inclusion vulnerability; consider somebody posts something like
&selPosition=../../etc/passwd.

So ideally you'll want to check the posted selPosition against a
whitelist of allowed files, or at least you'll want to make sure that
there's no directory traversal possible.

-- 
Christoph M. Becker
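The whitelist approach Christoph recommends, written out as an added example (this is not code from the thread, and not Jason's or Christoph's own). It assumes the include files live in an `includes/` directory next to the script and that `LES.inc` is one of them, as the original post says; the `POSITION_FILES` table and the `positionIncludePath()` helper are names chosen for this example. Note that `htmlentities()` is an output-escaping function for HTML and does nothing to stop `../` in a path, so the user-supplied value is never used to build the path at all; it is only used as a key into a fixed table.

```php
<?php
declare(strict_types=1);

// Added example: map the posted position name to a fixed file name.
// Anything not listed here is rejected, so "../../etc/passwd" never
// reaches the filesystem.
const POSITION_FILES = [
    'LES' => 'LES.inc',   // file name taken from the original post
    // add further positions here as they are created
];

/**
 * Resolve a posted selPosition value to an absolute include path,
 * or return null if the value is not on the whitelist.
 */
function positionIncludePath(string $position): ?string
{
    if (!array_key_exists($position, POSITION_FILES)) {
        return null;
    }

    // Assumption: includes/ sits next to this script.
    $dir  = realpath(__DIR__ . '/includes');
    $real = realpath($dir . '/' . POSITION_FILES[$position]);

    // Belt and braces: even though the file name came from our own table,
    // confirm the resolved path really lies inside the includes directory.
    if ($dir === false || $real === false
        || strpos($real, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }

    return $real;
}

$position = $_POST['selPosition'] ?? '';
$file     = positionIncludePath($position);

if ($file === null) {
    http_response_code(400);
    // htmlentities() is the right tool here: we are echoing into HTML.
    echo 'Unknown position: ' . htmlentities($position, ENT_QUOTES);
    exit;
}

include $file;
```

Because the lookup is a key check, an unexpected value fails closed with a 400 instead of being interpreted as a path; the `realpath()` containment check is a second layer that also catches a mistake in the table itself (for instance a symlink pointing outside `includes/`).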


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php