Question about file uploads
#5

Posted by thurting
Hi Rick,

I haven't played with your code, but I came back to ctrl+c as a starting point, and noticed what looks to be a pretty severe vulnerability. Because $filepath is taken from the URL, it can be manipulated by the user; e.g. ../../../etc/passwd. Now if ../../../etc/passwd existed on your fs, the user would be able to access that file given your implementation. I know you said this was untested, but if you have it deployed, you should patch it immediately.

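The traversal thurting describes, with the vulnerable pattern beside a hardened version, as an added example that is not the original poster's or the thread author's code. It assumes uploads live in one directory ($uploadDir) and that the client supplies the file name as a URL segment, as in the thread; the demo directory and file are constructed inline.

```php
<?php
// Vulnerable pattern from the thread: the URL-supplied $filepath is glued
// straight onto the upload directory, so "../../../etc/passwd" walks out of it.
function serve_file_vulnerable(string $uploadDir, string $filepath): ?string
{
    $target = $uploadDir . '/' . $filepath;
    return is_file($target) ? file_get_contents($target) : null;
}

// Hardened version: accept only a bare file name, then resolve the result
// with realpath() (collapses ".." and symlinks) and require that it still
// sits inside the upload directory.
function serve_file_safe(string $uploadDir, string $filepath): ?string
{
    $base = realpath($uploadDir);
    if ($base === false) {
        return null;
    }
    // Reject anything carrying a directory part, an empty name, or a
    // dot-file such as .htaccess.
    if ($filepath === '' || $filepath !== basename($filepath) || $filepath[0] === '.') {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $filepath);
    // realpath() is false for a missing file; the prefix check is defence
    // in depth in case the name check above is ever loosened.
    if ($target === false || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($target) ? file_get_contents($target) : null;
}

// Constructed demo: a temporary upload directory holding one file.
$dir = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/report.txt', "quarterly report\n");

var_dump(serve_file_safe($dir, 'report.txt'));           // served
var_dump(serve_file_safe($dir, '../../../etc/passwd'));  // rejected
var_dump(serve_file_safe($dir, 'sub/report.txt'));       // rejected

unlink($dir . '/report.txt');
rmdir($dir);
```

The vulnerable function is kept only for comparison; the demo never calls it with a traversal string.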



