
Thread: Issues of Files when using Null Bytes in PHP

  1. #1
    Join Date
    Jun 2009
    Posts
    230

    Issues of Files when using Null Bytes in PHP

    Hi friends,
    I have recently started learning the PHP programming language, so I do not have much knowledge. I am done with the coding that should be known for basic PHP. Now I am studying file security and the issues caused by files. But I am not able to understand the issues that are caused when using null bytes. So I thought that you guys may help me! Please tell me about the issues of files when using null bytes in PHP!

  2. #2
    Join Date
    Aug 2006
    Posts
    235

    Re: Issues of Files when using Null Bytes in PHP

    PHP is subject to safety rules intrinsic to most server systems: it respects the rights of particular files and folders. As PHP uses C functions for the underlying transactions, including system-level file, it can handle null bytes unexpectedly. Given that null bytes denote the end of a string in C, some functions will therefore consider these channels until the first occurrence of a null byte.

  3. #3
    Join Date
    Aug 2006
    Posts
    227

    Re: Issues of Files when using Null Bytes in PHP

    I am providing you with an example, so that it would be better for you to understand the topic. The following example shows vulnerable code that demonstrates this problem:
    PHP Code:
    <?php
    $file = $_GET['file']; // "../../etc/passwd\0"
    if (file_exists('/home/wwwrun/'.$file.'.php')) {
        // The null byte ends the path early, so the '.php' suffix is dropped
        include '/home/wwwrun/'.$file.'.php';
    }
    ?>
    I do to dead flowers what people at morgues do to dead people. Suck all the moisture out, dip them in plastic, paint them up pretty and put them in a nice frame.
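
A hardened counterpart to the include shown in post #3, as an added example that is not part of the thread: it rejects null bytes, accepts only names on a fixed allow-list, and confirms the resolved file stays under the base directory. `resolve_page()`, the page names and the temporary directory are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// resolve_page() and the allow-list are hypothetical names for this example.
// Returns the absolute path of an includable page, or null if refused.
function resolve_page(string $name, string $baseDir, array $allowed): ?string
{
    // A null byte would end the path early inside C string functions,
    // dropping the '.php' suffix the vulnerable script relied on.
    if (strpos($name, "\0") !== false) {
        return null;
    }
    // Exact allow-list match: slashes, dots and encodings never get through.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    // realpath() resolves '..' and symlinks and returns false if the file is missing.
    if ($base === false || $path === false) {
        return null;
    }
    // Containment: compare with a trailing separator so '/base-x' cannot pass for '/base'.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory standing in for /home/wwwrun/.
$demoDir = sys_get_temp_dir() . '/wwwrun_demo_' . getmypid();
mkdir($demoDir);
file_put_contents($demoDir . '/news.php', "<?php echo 'news page';\n");

$inputs = ['news', "../../etc/passwd\0", '../news', 'about'];
foreach ($inputs as $input) {
    $path = resolve_page($input, $demoDir, ['news', 'about']);
    printf("%-22s => %s\n", str_replace("\0", '\0', $input), $path ?? 'refused');
}

unlink($demoDir . '/news.php');
rmdir($demoDir);
```

Only `news` resolves to a path; `about` is on the allow-list but has no file, so it is refused as well. Recent PHP versions reject paths that contain a null byte in filesystem functions, so the explicit check mainly covers older runtimes and code that handles the name before it reaches the filesystem.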

  4. #4
    Join Date
    Mar 2008
    Posts
    349

    Re: Issues of Files when using Null Bytes in PHP

    PHP is subject to safety rules intrinsic to most server systems: it respects the rights of particular files and folders. Particular attention should be paid to the files or folders that are accessible to everyone, to ensure that they do not disclose critical information. Since PHP was designed to allow users to access files, you can create a script that allows you to read files like /etc/passwd, modify your ethernet connections, start printing documents, etc. This means that you must ensure that the files handled by the scripts are the appropriate ones.

  5. #5
    Join Date
    Nov 2008
    Posts
    996

    Re: Issues of Files when using Null Bytes in PHP

    Consider the following script, where the user indicates that he wishes to delete a file in the root folder. We assume that PHP is used as a web interface for managing files, and that the Apache user is allowed to delete files in the root user:
    PHP Code:
    <?php
    // Both values come straight from the request and are not validated
    $username = $_POST['user_submitted_name'];
    $userfile = $_POST['user_submitted_filename'];
    $homedir  = "/home/$username";

    unlink("$homedir/$userfile");

    echo "The selected file has been deleted!";
    ?>

  6. #6
    Join Date
    May 2008
    Posts
    2,389

    Re: Issues of Files when using Null Bytes in PHP

    There are two important measures to take to avoid an attack on the filesystem, and they are:
    • Restrict the permissions of the PHP web user.
    • Check all variables associated with paths and files that are provided.

    If your authentication system allowed users to create their own login, and a user chose the login ../etc/, the system is again exposed. For this reason, you can try to write a script that is stronger, like the one below:
    PHP Code:
    <?php
    $username = $_SERVER['REMOTE_USER']; // set by the authentication layer
    $userfile = $_POST['user_submitted_filename'];
    $homedir  = "/home/$username";

    $filepath = "$homedir/$userfile";

    // Alphanumeric login only; filename without '/', null bytes or '..'
    if (!ctype_alnum($username) || !preg_match('/^(?:[a-z0-9_-]|\.(?!\.))+$/iD', $userfile)) {
        die("Bad username/filename");
    }
    ?>
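
The validation from post #6 carried through to the delete itself, as an added example that is not part of the thread: the same `ctype_alnum()` and `preg_match()` checks, followed by a check on the resolved path before `unlink()`. `delete_user_file()`, `$homeRoot` and the demo tree are assumptions; the inputs are constructed.

```php
<?php
declare(strict_types=1);

// delete_user_file() and $homeRoot are hypothetical names for this example;
// the two syntactic checks are the ones from the post above.
function delete_user_file(string $homeRoot, string $username, string $userfile): bool
{
    // Login: letters and digits only. Filename: no '/', no "\0", no '..';
    // the D modifier stops '$' from matching before a trailing newline.
    if (!ctype_alnum($username)
        || !preg_match('/^(?:[a-z0-9_-]|\.(?!\.))+$/iD', $userfile)) {
        return false;
    }
    $homedir = realpath("$homeRoot/$username");
    $target  = realpath("$homeRoot/$username/$userfile");
    if ($homedir === false || $target === false) {
        return false; // unknown user or missing file
    }
    // Filesystem check on the resolved path: a regular file that sits
    // directly inside the user's own directory.
    if (dirname($target) !== $homedir || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree standing in for /home.
$root = sys_get_temp_dir() . '/home_demo_' . getmypid();
mkdir("$root/alice", 0700, true);
mkdir("$root/bob", 0700, true);
file_put_contents("$root/alice/notes.txt", "alice\n");
file_put_contents("$root/bob/secret.txt", "bob\n");

$cases = [
    ['alice',  'notes.txt'],         // legitimate request
    ['alice',  '../bob/secret.txt'], // traversal in the filename
    ['../bob', 'secret.txt'],        // traversal in the login
    ['alice',  "notes.txt\0.jpg"],   // embedded null byte
    ['alice',  "notes.txt\n"],       // trailing newline, caught by /D
    ['alice',  '.'],                 // passes the regex, but is a directory
];
foreach ($cases as [$user, $file]) {
    $shown = addcslashes($file, "\0..\37");
    $verdict = delete_user_file($root, $user, $file) ? 'deleted' : 'refused';
    printf("%-7s %-20s %s\n", $user, $shown, $verdict);
}

unlink("$root/bob/secret.txt");
rmdir("$root/alice"); rmdir("$root/bob"); rmdir($root);
```

Only the first request is deleted. The last case shows why the resolved-path check is kept alongside the pattern: a single `.` satisfies the regular expression yet names the directory itself.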
