Posted by Chris Shiflett on 08/26/05 04:44
Graham Anderson wrote:
> Is the below reasonably safe?
>
> I have all of my main functions outside the web folder
> I am including this function with every php script that
> accesses fonovisa.inc
>
> function getBrain()
> {
> $temp = explode('.', $_SERVER['SERVER_NAME']);
Because $_SERVER['SERVER_NAME'] can be manipulated by the user in some
cases, you must consider $temp tainted at this point.
> $size = count($temp);
> $server = $temp[$size -2];
Now $server is tainted.
> $brainPath = "/home/".$server."/includes/fonovisa.inc";
Therefore, this is a security vulnerability.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
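As an added illustration of the point Chris makes (this is example code, not Graham's function or anything from Brain Bulb), the following shows the tainted pattern from the quoted post next to a hardened version. The hardened version treats the host name only as a lookup key into a fixed allowlist of hosted customer names, so the client-controlled value never becomes a path component. KNOWN_CUSTOMERS and the customer names in it are constructed sample values, and the /home/<name>/includes layout is taken from the quoted code.

```php
<?php
// Added example; not code from the original post.

// Tainted pattern, as discussed: the second-to-last label of the
// server name is spliced straight into a filesystem path. Anything
// the client can influence in that name ends up in the path.
function getBrainTainted(string $serverName): string
{
    $temp   = explode('.', $serverName);
    $size   = count($temp);
    $server = $temp[$size - 2];             // undefined index if $size < 2
    return "/home/" . $server . "/includes/fonovisa.inc";
}

// Hardened pattern: the host name selects an entry from a fixed
// allowlist; the path is built only from values the application owns.
const KNOWN_CUSTOMERS = ['acme', 'example'];  // constructed sample values

function getBrainSafe(string $serverName): ?string
{
    $temp = explode('.', strtolower($serverName));
    if (count($temp) < 2) {
        return null;                        // e.g. "localhost": no customer label
    }
    $server = $temp[count($temp) - 2];
    if (!in_array($server, KNOWN_CUSTOMERS, true)) {
        return null;                        // unknown host: refuse, do not build a path
    }
    return "/home/" . $server . "/includes/fonovisa.inc";
}

// Caller: only include when the lookup succeeded.
function loadBrain(string $serverName): bool
{
    $path = getBrainSafe($serverName);
    if ($path === null) {
        error_log("getBrainSafe: unrecognised host " . $serverName);
        return false;
    }
    require $path;
    return true;
}

// Constructed sample hosts for a quick check from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['www.acme.com', 'example.org', 'unknown-tenant.example.net', 'localhost'] as $h) {
        printf("%-28s tainted=%-40s safe=%s\n",
            $h,
            $h === 'localhost' ? '(undefined index)' : getBrainTainted($h),
            getBrainSafe($h) ?? 'null');
    }
}
```

With the sample hosts, www.acme.com and example.org resolve to their customer directories in both versions, while unknown-tenant.example.net yields a path under /home/example/ in the tainted version but null in the hardened one, and localhost is rejected instead of triggering an undefined-index warning. The allowlist is what removes the taint: the Host header can choose among known directories but can no longer name one.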