Date: 09/04/00
- Next message: mike.king <email protected>: "[PHP-DEV] PHP 4.0 Bug #6523: Unable to use 'passthru' function"
- Previous message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #6341 Updated: floating point exception on session.c"
- In reply to: Signal 11: "[PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
S1>> <?php
S1>> if($userfile_size != filesize($userfile)){
S1>> echo "File upload variables have been tampered with.\n";
S1>> }
S1>>
S1>> ?>
S1>>
S1>> This will prevent most attacks, unless the filesize is the same
S1>> as the local file. Like I said - workaround.. but it is one you
S1>> can implement in your code *now* instead of waiting for a patch.

I fear this is no good. If you need to steal /etc/passwd, you can easily
have 1000 tries and get the right size. Since you are not limited in the
number of tries, you'll succeed sooner or later.

--
Stanislav Malyshev stas <email protected> http://www.zend.com/ +972-3-6139665 ext.106

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>
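
The objection raised in this reply, as an added example that is not part of the original message or of the PHP source: the size comparison only checks two client-supplied values against each other, whereas a server-side provenance check refuses a non-uploaded path regardless of size. `is_uploaded_file()` and `move_uploaded_file()` are real PHP functions that the thread does not mention; the helper names, `MAX_BYTES`, the upload-entry array and the temporary file are assumptions made for the illustration.

```php
<?php
// Added illustration; helper names, MAX_BYTES and the sample file are constructed.
const MAX_BYTES = 1048576;

// The quoted workaround. With upload variables taken from the request, both
// arguments are client-controlled, so it only compares two client inputs.
function size_check_only(string $path, int $claimedSize): bool
{
    return is_file($path) && filesize($path) === $claimedSize;
}

// Server-side check: is_uploaded_file() is true only for a file that PHP's own
// HTTP POST upload handler created during the current request.
function accept_upload(array $entry, string $destDir): ?string
{
    if (($entry['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $entry['tmp_name'] ?? '';
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        return null;                      // not an upload: refuse, whatever the size
    }
    if (filesize($tmp) > MAX_BYTES) {     // size read from disk, not from the client
        return null;
    }
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16));
    return move_uploaded_file($tmp, $dest) ? $dest : null;
}

// Constructed stand-in for a local file that was never uploaded.
$local = tempnam(sys_get_temp_dir(), 'demo');
file_put_contents($local, str_repeat('x', 37));

// Repeated submissions with different claimed sizes: nothing limits the number
// of tries, so the comparison is satisfied once the claimed size matches.
$matched = null;
for ($claimed = 0; $claimed <= 1000 && $matched === null; $claimed++) {
    if (size_check_only($local, $claimed)) {
        $matched = $claimed;
    }
}
var_dump($matched !== null);

// The same path presented as an upload entry fails the provenance check.
$forged = ['tmp_name' => $local, 'error' => UPLOAD_ERR_OK, 'size' => 37];
var_dump(accept_upload($forged, sys_get_temp_dir()));
unlink($local);
```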

