
DZone.com:
File Path Injection in PHP <= 5.3.6 File Update (CVE 2011-2202)
June 21, 2011 @ 08:44:02

On DZone.com's PHP on Windows section today, Krzysztof Kotowicz has a new post about a file path injection exploit in PHP versions 5.3.6 and lower.

Since the thing went public before a new PHP version has been released, I present full details of the latest PHP vulnerability I reported - together with some sweet demo exploit. The issue was found with fuzzing being part of my recent file upload research. And I still have some more to show in the future :)

The issue is described in more detail here on bugs.php.net (unfortunately unavailable as of the time of this post), and his code to reproduce it is here. Due to a bug in the code that should strip the uploaded file's name down to just the filename, certain kinds of file paths can make it through. The real problem comes when an application blindly uses this filename as the path to write to, possibly overwriting important files. You can see a screenshot of it in action here.
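On the application side, the fix is to stop letting the client-supplied name decide where a file is written, regardless of what PHP has already stripped from it. The following is an added example, not code from Kotowicz's post or from PHP itself; `safe_upload_name()`, `store_upload()`, the `.upload` suffix and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): accept a client-supplied
// upload name only if it is a plain leaf name. Anything containing '/', '\',
// NUL, or a leading dot is rejected rather than "cleaned".
function safe_upload_name(string $clientName): ?string
{
    $ok = preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}\z/', $clientName);
    return $ok === 1 ? $clientName : null;
}

// Hypothetical helper: move an upload into $uploadDir under a server-chosen
// name, so the client's name never decides where bytes land on disk.
function store_upload(array $file, string $uploadDir): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $displayName = safe_upload_name((string) ($file['name'] ?? ''));
    if ($displayName === null) {
        throw new RuntimeException('rejected file name');
    }
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory missing');
    }
    // Random storage name: cannot collide with or overwrite application files.
    $target = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.upload';
    if (!move_uploaded_file((string) $file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return ['stored_as' => $target, 'display_name' => $displayName];
}

// Constructed sample names, showing which ones the check accepts.
if (PHP_SAPI === 'cli') {
    foreach (['report.pdf', '/index.php', '..\\..\\boot.ini', '.htaccess'] as $name) {
        printf("%-18s %s\n", $name, safe_upload_name($name) === null ? 'rejected' : 'accepted');
    }
}
```

The validated name is kept only as display metadata; the path on disk is built entirely from server-side values.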


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework