Full Disclosure mailing list archives

Re: Oddities of PHP file access in Windows (R). Cheat-sheet [maybe 0day]

From: Владимир Воронцов <vladimir.vorontsov () onsec ru>
Date: Wed, 12 Jan 2011 12:26:44 +0300

Hello Chris,

This article is written in order to emphasize the need to verify your user
information, such as file names.
Unfortunately, in our practice (mainly in Russia) of study of web
applications, such meets are not always.

I am very glad that all your applications are well protected! 

But also keep in mind that the vulnerability much more than meets the eye
...

On Wed, 12 Jan 2011 10:11:08 +0100, Christian Sciberras
<uuf6429 () gmail com>
wrote:

Yay, another PHP bashing paper. *cool*

Sarcasm aside, this is all the more reason why one should

validate/filter

user input.
The paper's details are new to me, however, as a web developer I can
confidently say that my filename-management-related routines are

completely

safe against this attack.
Why? Because special characters such as those mentioned in the paper

(which

by the way, aren't valid filename characters), are replaced be a legal

and

safe alternative (such as a dash or underscore).

We can blame PHP's magic. Then again you can blame C and C++'s pointer
magic
is the biggest security bug ever.

Or you can blame the human factor behind the end, defective, product.

Either-case, interesting study. My only complaint? Keep uninformed

opinion

to yourself next time though, it only dirties you arguments.

Cheers,
Chris.



On Wed, Jan 12, 2011 at 9:59 AM, Владимир Воронцов <
vladimir.vorontsov () onsec ru> wrote:

Hello Full-Disclosure!

Abstract
Notorious web development language, PHP, is under constant watch of the
hackers, security
researchers and other persons who just love to tinker around some

stuff.

Numerous vulnerabilities and
bugs of PHP interpreter regularly highlights bug-tracks, wakes up
administrators and burdens the minds
of web site owners. And we never can know what nifty tricks PHP
interpreter had reserved for our next
day. In this paper we will describe details about how PHP treats file
names on Windows operating
systems, regarding the presence of different fuzzy characters

Original English article: http://onsec.ru/onsec.whitepaper-02.eng.pdf

--
Best regards,
Vladimir Vorontsov
ONsec security expert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-- 
Best regards, 
Vladimir Vorontsov
ONsec security expert

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Oddities of PHP file access in Windows (R). Cheat-sheet [maybe 0day] Christian Sciberras (Jan 12)
- Re: Oddities of PHP file access in Windows (R). Cheat-sheet [maybe 0day] Владимир Воронцов (Jan 12)
- Re: Oddities of PHP file access in Windows (R). Cheat-sheet [maybe 0day] gold flake (Jan 13)
  - Re: Oddities of PHP file access in Windows (R). Cheat-sheet [maybe 0day] Christian Sciberras (Jan 13)