开发者

File System and security (PHP)

开发者 https://www.devze.com 2022-12-31 12:26 出处:网络
Consider a simple file upload system written in php. User has acce开发者_Go百科ss only in admin panel.

Consider a simple file upload system written in php. User has acce开发者_Go百科ss only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?


You can use chmod for that. Every file system operation has a running risk, so consider the fact that the user might try to change the permissions of another file so you have to sanitize the input.

bool chmod  (  string $filename  ,  int $mode  )

Attempts to change the mode of the specified file to that given in mode.


we can't do while uploading a script,this is not a secure way any one can hack it. I can be done only in file uploading page code by giving chmod through ftp.


This scripts removes all the dirty stuff and also checks the white file list from the directory.If the file is exists in the dir then result will be true otherwise a hacking attempt

function WhitePage($page) {

        $info2 = apache_lookup_uri('src/index.php?p=' . $page);

        list($arg, $val) = explode("=", $info2->args);

        $myrequest = basename(htmlspecialchars_decode($val));

        return $myrequest;
    }

    function Read_Dir($dir, $array = array()) {
        $dh = opendir($dir);
        $files = array();
        while (($file = readdir($dh)) !== false) {
            $flag = false;
            if ($file !== '.' && $file !== '..' && !in_array($file, $array)) {
                $files[] = trim($file);
            }
        }
        return $files;
    }

    function WhiteList($page = null) {
        $info2 = apache_lookup_uri('src/index.php?p=' . $page);
        list($arg, $val) = explode("=", $info2->args);
        // basename from the std class
        $myrequest = basename(htmlspecialchars_decode($val));

        $myrequest = trim($myrequest . '.php');
        //pathinfo from the std class
        $path = pathinfo($info2->filename);
        // get the files array
        $whitefiles = Read_Dir($path['dirname']);

        if (in_array($myrequest, $whitefiles, true)) {

            $res = 1;
        } else {

            $res = 0;
        }
        return $res;
    }

    // this is solution of this kind of the problems
    //$p='index.php?p=../../../../../../../../etc/passwd%00index.html';
    $p = '../../../../../../../../etc/passwd%00index.html';
    $p = WhitePage($p);
    $result = WhiteList($p);

    if ($result) {
        echo 'ok';
    } else {
        echo 'Die ,You evil hacker';
    }


It looks like you do not understand the way web-server works. It has only one system user ans there is no need to change any permissions for the site users.

To implement an ACL feature, one need a database to hold users and rights, and some manual download method implementation, a simple one (proper headers+readfile()) or one of more complicated solutions, like nginx's x_accel_redirect

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号