Results 1 to 11 of 11
Thread: is this a security hole?
Apr 5, 2009, 16:20 #1
- Join Date
- Mar 2008
- Asheville, NC
- 0 Post(s)
- 0 Thread(s)
is this a security hole?
this looks bad to me, but it solves a lot of problems.
basically I got files inside /app/webroot
I got a .htaccess file, that redirects URLs to /loader.php?include_page=[whatever you type], as follows:
RewriteRule ^(.*)$ loader.php?include=/$1 [QSA,L,NC]
so, for instance, if you visit /search/foo/, apache redirects traffic to /loader.php?include=/search/foo/
eventually (after doing lots of stuff), loader.php includes the page specified in $_GET['include'], in this way:
include '/app/webroot' . $_GET['include']
it looks to me like a bad security hole, but I've tried all possible values I could think of, and nothing bad happened.
I think this doesn't allow loading external sites or system files like /etc/passwd, because the way the include is, the file must be inside /app/webroot, and whatever it's in this directory you access from the web anyway.
am I missing something? is this bad?
any suggestion appreciated.