@ 1:54:08 AM on 4/3/2001, Rasmus Lerdorf wrote:
RL> So you wrote a script that took a filename as an argument somehow and did
RL> something with it? That's always going to be insecure unless you do a lot
RL> of error checking on it.
...
RL> On Tue, 3 Apr 2001, Marthe Kristiansen wrote:
...
>> $filename=str_replace("..","",$filename);
>> $filename=str_replace("/","",$filename);
>> $filename=str_replace("%20","",$filename);
>>
>> He used /, .. and %20 to reach this file on my server.
As a matter of fact, you can get the same result in just about
anything. If he doesn't realize the same thing can be done in, for
example, Perl, he shouldn't even be auditing anything in the first
place. What you've described is _certainly_ not limited to PHP.
-Brian
--
PGP is spoken here: 0xE4D0C7C8
Please do not carbon copy me on list replies.
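The filter Marthe quoted strips ".", "/" and "%20" out of the name and then uses whatever is left, which is a denylist: it guesses what an attacker might send and silently repairs it. The check Rasmus alludes to is the opposite approach: decide what a valid file name looks like, reject anything else, and then confirm that the resolved path is still inside the directory you meant to serve from. The following is an added example written for this thread, not code from either poster; the regular expression, the `safe_file_path()` name and the temporary demo directory are my own assumptions, and the `.txt` restriction is just one plausible policy.

```php
<?php
// Added example: allowlist validation plus directory confinement for a
// user-supplied file name. Not from the original thread.

declare(strict_types=1);

/**
 * Return the canonical path of $userInput inside $root, or null if the
 * name is not acceptable. Nothing is "cleaned"; bad input is refused.
 */
function safe_file_path(string $userInput, string $root): ?string
{
    // 1. Positive validation: a plain name, no separators, no dots except
    //    the one before the extension. Anything else is rejected outright,
    //    so "..", "/" and "%20" never reach the filesystem call at all.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $userInput)) {
        return null;
    }

    // 2. Resolve root and candidate to canonical absolute paths. realpath()
    //    returns false for a missing file, which we also treat as a refusal.
    $rootReal  = realpath($root);
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $userInput);
    if ($rootReal === false || $candidate === false) {
        return null;
    }

    // 3. Confinement: the canonical path must start with "<root>/". This
    //    catches a symlink inside the directory that points elsewhere, a
    //    case step 1 alone cannot see.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// --- Constructed demo: build a temporary root holding one file. ---
$root = sys_get_temp_dir() . '/safe_file_demo_' . getmypid();
mkdir($root, 0700);
file_put_contents($root . '/report.txt', "ok\n");

$inputs = [
    'report.txt',      // valid name, file exists  -> accepted
    'missing.txt',     // valid name, no such file -> rejected (realpath false)
    '../report.txt',   // separator and ".."       -> rejected by the regex
    'report.txt/',     // trailing separator       -> rejected by the regex
    'report%20.txt',   // encoded space            -> rejected by the regex
];
foreach ($inputs as $input) {
    $path = safe_file_path($input, $root);
    printf("%-16s => %s\n", $input, $path === null ? 'rejected' : 'accepted: ' . $path);
}

// Clean up the demo directory.
unlink($root . '/report.txt');
rmdir($root);
```

The order of the three checks matters: the regex keeps hostile strings away from `realpath()` entirely, and the prefix comparison is what protects you when the directory contents change underneath you. If the application needs subdirectories, widen the regex deliberately rather than dropping it, and keep the confinement check as the last word.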
--
PHP General Mailing List (http://www.php.net/)