able to view arbitrary files

Status: Beta

Brought to you by: davemj

#10 able to view arbitrary files

Status: open-accepted

Owner: David Johnson

Labels: Internals (14)

Priority: 5

Updated: 2004-05-29

Created: 2004-05-19

Creator: LoOoD

Private: No

http://domain.com/showpic.php?album=../../../../../../../../../../../../../../../../../../../../../../etc&pic=passwd&dispsize=Original

I was able to grab a couple of /etc/passwds off of some
webservers.

Discussion

LoOoD - 2004-05-19

Logged In: YES
user_id=1009311

'../' shouldn't ever be in the $album, correct? blast it away?

$album = preg_replace('/..\//', '',
stripslashes($_GET['album']));

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

LoOoD - 2004-05-19

Logged In: YES
user_id=1009311

$album = preg_replace('/\.\.\//',
'',stripslashes($_GET['album']));

would work better..

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

David Johnson - 2004-05-29

assigned_to: nobody --> davemj

status: open --> open-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.