12-25-2007, 08:23 PM
#5
The Acquainted
Join Date: Nov 2007
Location: Netherlands
Posts: 113
Thanks: 11
This script is really insecure; you can just say ?file=../../../../etc/passwd or something like that. For it to be safe you need to replace this line:
PHP Code:
$file = $_GET['file'];
with:
PHP Code:
// str_replace() takes three arguments: search, replacement, subject.
// Replacing every '/' with an empty string strips the directory separators from the name.
$file = str_replace('/', '', $_GET['file']);
And why do you pass the same argument twice into the _Download function?
PHP Code:
_Download($file, $file);
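As an added example that is not the poster's code nor the script being discussed, here is a download handler that confines the requested file to one fixed directory. It goes further than stripping slashes: it reduces the name with basename(), restricts the characters allowed, and then checks that the realpath()-resolved target still lies inside that directory. The directory /var/www/downloads and the function names are assumptions for illustration; it assumes PHP 7.1 or later for the nullable return type.

```php
<?php
// Added example, not the poster's code: serve files only from DOWNLOAD_DIR.
// The directory path and function names are assumptions for illustration.

define('DOWNLOAD_DIR', '/var/www/downloads'); // assumed location of downloadable files

/**
 * Resolve a user-supplied file name to an absolute path inside DOWNLOAD_DIR.
 * Returns the path on success, or null if the request is rejected.
 */
function resolveDownload(string $requested): ?string
{
    // basename() discards any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);

    // Allow a conservative character set only; reject empty and dot-prefixed names
    // (the latter keeps files such as .htaccess out of reach).
    if ($name === '' || $name[0] === '.' || !preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return null;
    }

    $base = realpath(DOWNLOAD_DIR);
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);

    // realpath() follows symlinks and returns false for missing files, so the
    // prefix check (including the trailing separator) guarantees the resolved
    // target is a regular file inside the download directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

/**
 * Stream an already-validated file to the client. One argument is enough;
 * the validated path carries everything the response needs.
 */
function sendDownload(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

$path = resolveDownload($_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}
sendDownload($path);
```

The prefix comparison uses the resolved base directory plus a trailing separator, so a sibling directory whose name merely starts with the same characters (for example /var/www/downloads2) does not pass the check, and symlinks placed inside the directory that point elsewhere are rejected because realpath() reports their real target.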