|
PHP - Is This Enough To Stop Path Traversal?
Hello. Recently I've run into a bit of an issue with Path Traversal. I was searching a bit on solutions to it, but all I could find were sites telling you to fix it, and not showing examples of how. So, I've been running a few tests and seem to have the majority fixed. At least, the ones on Owasp's examples don't work.
I am making a file manager, so they can browse the public_html all they want. I just don't want anyone using ../, or the document root to browse through anything other than through the public_html.
So, here is the solution I have found that seems to work on everything I have seen:
<?php
// Seems to solve plain-text, encoded, and null bytes
$replace = array("%", "..");
$file = str_replace($replace, "", $_GET['file']);
// ./ at the beginning to stop DOCUMENT_ROOT travel
echo show_file_contents("./".$file);
?>
And this is how the path is set up for file_get_contents to access:
<?php
function show_file_contents($file) {
$path = $_SERVER['DOCUMENT_ROOT']."/".$file;
}
?>
My question is: Does this fully stop any directory traversal attempt?
Edited by SarahBear, 09 November 2014 - 08:29 AM. Similar TutorialsHi! So I'm working for someone, and they want me to fix this error in a PHP file.. Here is the code: <?php
include_once('config.php');
$online = mysql_query("SELECT * FROM bots WHERE status LIKE 'Online'");
$offline = mysql_query("SELECT * FROM bots WHERE status LIKE 'Offline'");
$dead = mysql_query("SELECT * FROM bots WHERE status LIKE 'Dead'");
$admintrue = mysql_query("SELECT * FROM bots WHERE admin LIKE 'True'");
$adminfalse = mysql_query("SELECT * FROM bots WHERE admin LIKE 'False'");
$windows8 = mysql_query("SELECT * FROM bots WHERE so LIKE '%8%'");
$windows7 = mysql_query("SELECT * FROM bots WHERE so LIKE '%7%'");
$windowsvista = mysql_query("SELECT * FROM bots WHERE so LIKE '%vista%'");
$windowsxp = mysql_query("SELECT * FROM bots WHERE so LIKE '%xp%'");
$unknown = mysql_query("SELECT * FROM bots WHERE so LIKE 'Unknown'");
$totalbots = mysql_num_rows(mysql_query("SELECT * FROM bots"));
$onlinecount = 0;
$offlinecount = 0;
$deadcount = 0;
$admintruecount = 0;
$adminfalsecount = 0;
$windows8count = 0;
$windows7count = 0;
$windowsvistacount = 0;
$windowsxpcount = 0;
$unknowncount = 0;
while($row = mysql_fetch_array($online)){
$onlinecount++;
}
while($row = mysql_fetch_array($offline)){
$offlinecount++;
}
while($row = mysql_fetch_array($dead)){
$deadcount++;
}
while($row = mysql_fetch_array($admintrue)){
$admintruecount++;
}
while($row = mysql_fetch_array($adminfalse)){
$adminfalsecount++;
}
while($row = mysql_fetch_array($windows8)){
$windows8count++;
}
while($row = mysql_fetch_array($windows7)){
$windows7count++;
}
while($row = mysql_fetch_array($windowsvista)){
$windowsvistacount++;
}
while($row = mysql_fetch_array($windowsxp)){
$windowsxpcount++;
}
while($row = mysql_fetch_array($unknown)){
$unknowncount++;
}
$statustotal = $onlinecount + $offlinecount + $deadcount;
$admintotal = $admintruecount + $adminfalsecount;
$sototal = $windows7count + $windowsvistacount + $windowsxpcount + $unknowncount;
?>
Can anyone tell me the error here, can how to fix it? Hi, I don't know why the foreach loop doesn't output the text node content of <toFirstName> and <toLastName>? please see email.xml file below: Code: [Select] <?xml version="1.0" encoding="ISO-8859-1"?> <email> <message> <to> <toFirstName>Tove</toFirstName> <toLastName toType="common" style="swag">Smith</toLastName> </to> <from> <fromFirstName>Jani</fromFirstName> <fromLastName fromType="unique">Dravison</fromLastName> </from> <heading>Reminder</heading> <body> <prologue>Tis the night before Xmas...</prologue> <paragraph1>Don't forget me this weekend!</paragraph1> <paragraph2>Jump the gun!</paragraph2> <epilogue>The end of the world.</epilogue> </body> </message> </email> Please see script below: ================= Code: [Select] <?php $simpleXMLObj=simplexml_load_file("email.xml"); foreach($simpleXMLObj->message[0]->to[0] AS $curDOM) { print $curDOM->toFirstName->getName."<br />".$curDOM->toLastName->getName."<br />"; ?> Please help me out, I would really appreciate it! Hi all, last few days i searched my butt of on articles about this topic but most don't seem to provide a solution, more a general idea of what it is. So i thought i mix up some functions and asks you guys to see if this could be a working example to prevent directory traversal and the prevention of including remote files. So the files should be on my server. What i try to do is to retrieve a $_GET['variable'] which stands for a filename and afterwards include this file name if the file exists. Any tips and tricks are welcome. if (file_exists(basename(realpath($_GET['filenamehere'])))){ echo 'file exists'; }else{ echo 'file doesn\'t exist'; } thanks in advance! hi guys. i want to implement a referral system. a member can only refer using a form in the memebers area. on the referral form, i have a hidden field which is his referral id and a unique code (md5 generated link) and a field for the email address he wants to refer. once he sends the mail, a referal link (md5 generated, for uniqueness and to curb cheating) is sent to the email so that once he clicks, it takes him/her to the registration area. on my database table referrer_uid - the unique id of person referring someone referred_uid - the unique id of person being referred ref_code - the md5 generated code which is used on the link sent referred_email - the email address of the person being referred status - once a member sends a refer link, status is set to Referal sent date_referred - the date the refering took place date_accepted - the day the referred was accepted (i dont want this to change on clicking a referal link or registration cos not everyone gets accepted to avoid spurious referals) my question is how do i create a traversal tree with this. i read about traversal tree on sitepoint but when i tried to implement the examples, it didnt work for me and i noticed it was an old post. note: i intend giving points based on the child/tree and it could be as deep as possible. also if my method is wrong, ideas are higly appreciated. thanks Hi guys, Happy New Year http://www.phpfreaks.com/forums/php-coding-help/?action=post How can i get the path http://www.phpfreaks.com/forums thanks, Hi,
I am trying to setup cakephp cake console in win7 and run cake bake as in the link below.I set up the env variable in win7 as below with a php and cakeapp entry in this Path.I have easyPHP 12.1 and php works fine. I get an error with php in failing to load. dynamic library but the php dir is in the path below so I have no idea .
I cant set my php env var is my problem . The php.ini is in this dir specified below.
http://www.nurelm.co...ols-in-windows/
E:\Program Files\EasyPHP-12.1\php\php546x121019214357\;E:\AA-website design\acl\app\Console\;
hey guys im still having a issue with using the root path when requiring external files. So i can use one path and never have to worry about this issue. require("/functions/function_battle.php"); the file is located here Code: [Select] C:\Software\XAMPP\xampp\htdocs\System_Lords\functions\function_battle.php i dont understand (include_path='.;C:\Software\XAMPP\xampp\php\PEAR') im suppose to be including the php folder or something? Code: [Select] Fatal error: require() [function.require]: Failed opening required '/functions/function_battle.php' (include_path='.;C:\Software\XAMPP\xampp\php\PEAR') in C:\Software\XAMPP\xampp\htdocs\System_Lords\include\battle.php on line 2 Can I use this path? I didn't know if I could pull in images into a subdomain from another domain ../mysite.com/assets/img/avatars/defaultuser.jpg Hi, I want to get root path and use on links even if i'm in sub to sub folder etc... suppose my site name is fitness.com and having two subfolder. so url will become http://www.fitness.com/dir/dir_sub here i want to put a link to go to root directory file. there are different ways to do that. e.g: Code: [Select] <a href='../../filename.php'>go to that page</a> but i want to use some constant that always shows to root directory. as i defined here Code: [Select] define("SERVER_NAME" , $_SERVER['HTTP_HOST']); //and used it like this <a href='<?php echo SERVER_NAME; ?>/filename.php'>go to that page</a> it works when we're on root directory. but when we go to sub directory it added sub directory name with it. which i don't want. is there any way? Thanks It's the simple things that frustrate me sometimes. My project has a one root folder. Under that are three separate folders (admin, img, and inc). "admin" contains admin pages, "img" contains images, and "inc" contains utility files to be included and used by other scripts. I'll just take one specific problem as an example. In my inc folder is a file called "send_email.php". It needs to include another file called "class.phpmailer.php" in the same directory (inc). Now, since these files are never called directly but included by scripts in the rest of the project, I cannot simply do "require('class.phpmailer.php')". I have a file in the base project directory called validation.php. It needs to include inc/send_email.php to use its functions to, obviously, send email. Now, that part is no problem. I just require('inc/send_email.php') since that is a valid path from validation.php. My problem comes when send_email.php tries to include class.phpmailer.php. As I said before, I cannot just directly include it without any path since it's not being called directly. It "inherits" the path of the file that called it so just a direct require to it. My "solution" was to add a config value called "path" to my config file in the root directory. It would ideally hold the path from the server root to my project folder. In my case I set it to "/danny/smswebalerts/" which is indeed the correct path from my web root. I use $config['path'] to link to my images and CSS files and it works correctly. I thought it would solve my problem when I did the following in send_email.php: require_once($config['path'] . 'inc/class.phpmailer.php'); That indeed correctly builds the full path to that file: /danny/smswebalerts/inc/class.phpmailer.php. When I open up a page that includes send_email, however, I get the following error: Code: [Select] Warning: require_once(/danny/smswebalerts/inc/class.phpmailer.php) [function.require-once]: failed to open stream: No such file or directory in /home/danny/workspace/smswebalerts/inc/send_email.php on line 20 I would appreciate if somebody could give me some nice solution before I just say "screw it" to organization and plop everything in the same directory. It's really frustrating that my project is being held up by some technicality like this. Hey Everyone, I have these 3 scripts to upload an image but I'm having an issue because the images uploaded are going to the same directory as the pages. What do I need to change to make the uploaded images go to a folder path called "pictures". Thanks in advance for the help. Script 1 <form name="form1" method="post" action="adminpicturebrowse.php"> <p align="center">How many pictures for this dog? Max is 9</p> <p align="center"> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="1"> <input type="submit" name="Submit" value="Submit"> </p> </form> Script 2 <form name="form1" enctype="multipart/form-data" method="post" action="adminaddupload.php"> <p align="center"> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <div align="center"> <? // end of for loop } ?> </div> <p align="center"><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> Script 3 <? $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_name = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes($file_name); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$file_name<br>"; }else{ echo "$file_name<br>"; } } // end of loop ?> Hi, How can i show image using absolute path instead of virtual path?? Help please my problem is when i click on hyperlink it start copying it self insertrow=yes in address bar how to tackle this Code: [Select] $httpquery = "{$_SERVER['PHP_SELF']}?{$_SERVER['QUERY_STRING']}&insertrow=yes" ; <a href='{$httpquery}' >New</a> <br> if (isset($_GET['insertrow'])) { echo "<br> {$_GET['insertrow']} "; } Hi, I have a dynamic variable like this: /def/g/qaz/pol/cxz/cba/abc I only wish to keep this: /def/g/qaz/pol/cxz How would I do this? Thanks, - mme Hey guys! I just joined this forum today, and I'm wondering about something... I see a lot of sites, and in the code of the site, style sheets and javascript includes are references in a manner similar to this... "href='http://www.somesite.com/css/css.php/someDirectory/style.css'" How is this done? The path following the "css.php" is what confuses me. Thanks for any information you have! Hello, I would like to know how to include a root file in a 4 deep folder using dots. Is it good : include "../../../config.php" or i can simple include "./config.php" ? How does this works? Is it better to write all the path? Thank you Directory structu /home/~test/public_html/soap/ .../xml/ .../bin/ .../products/browser/ In file /home/~test/public_html/soap/bin/products/browser/test.php, I include another file and call it's function: Code: [Select] require("../../xml/processXML.php"); $xmlData = generateXML(....); In the /home/~test/public_html/soap/xml/processXML.php, I have the following code: Code: [Select] function generateXML() { exec("../bin/code.cur"); } The problem is the exec("../bin/code.cur") fails of the relative path issue. I did a getcwd() before the exec() and it returned /home/~test/public_html/soap/bin/products/browser. I have tried using dirname() and no help. I hope this is clear enought to understand where I am coming from. Thank you. AM In NetBeans - in what I think is the Web Root - I have... config.inc.php secure/checkout.php In "checkout.php", when I use this code it works... Code: [Select] <?php require_once "../config.inc.php"; ?> but when I try to use an Absolute Path, it errors out... Code: [Select] <?php require_once "/config.inc.php"; ?> I thought "/" moved you up to the Web Root and then you drill down from there? So the second example should also work in my mind?! What is wrong? Debbie Im having a strange path problem. The problem is that in the base directory, i have some php files. These goes well. I also have two folders: one for my function library, and other for some type of webpages. My problem is that if i changue to a webpage in that folder through the menu in the base directory the path itself it also changues, so it became that directory. Base dir: tr Library directory: lib Category dir: categorias (these two are in tr, and tr in www of wamp) If i echo a link like this in some page that is in the tr directory: <li><a href="categorias/listar_memoria_ram.php">List RAM Memory</a></li> And i go to that web, the include path changues, so it became categorias. I use functions to echo the menu each time, so, it dont work because it uses the relative path, so, if i echo this again: <li><a href="categorias/listar_memoria_ram.php">List RAM Memory</a></li> the url thas is finally called in the web explorer is: http://localhost/tr/categorias/categorias/listar_Memoria_Ram.php That dont exist. Note also that all my web functions are in a file that exists in the lib library and thats included each time using this: include_once '/../lib/lib_inventario.php'; That file have a impMenu function that is used each time, and all the others. What i was seeking if a plain way of controlling the path so it became more simplier and i could just use a single path, without exceptions. Or at least an explanation that why these happens. Ask for whatever any extra information you need. I am trying to find the URL to a directory TWO levels above the script level (if you know what I mean). For example.. the script sits at Code: [Select] http://www.domain.com/TestArea2/members/index.php BUT I need to find the path to Code: [Select] http://www.domain.com/TestArea2/ the nearest I get is... $domain = $_SERVER['HTTP_HOST']; $domain .= $_SERVER['REQUEST_URI']; echo $domain; // outputs www.domain.com/TestArea2/members/index.php Is there a simple method to do this or have I got to split the string and work backwards? Many thanks |
|||||||