PHP Classes

Security BUG php directory explorer

Subject: Security BUG php directory explorer
Summary: A user could read directory and file names on server
Messages: 2
Author: Rodrigo
Date: 2009-09-02 17:04:14
Update: 2011-06-16 14:23:44
 

  1. Security BUG php directory explorer
Rodrigo - 2009-09-02 17:04:14
A carefully crafted URL used with this class can be used to search for directories inside the server

using this format: source=../../../

You get the listing of files and directories beyond the allowed directory.

To fix this, we added this line at line 91 of php_dirs_explorer.class:

$source=str_replace("../..","",$source);

Maybe a regex protection might work better.

HTH

Rodrigo O
Xnet
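
Added example, not part of the original post and not the class's own code: applied to the post's own input `../../../`, the `str_replace` filter returns `/../`, which still contains a parent-directory segment, because the replacement is a single pass and does not canonicalise the path. The sketch below instead resolves the path with `realpath()` and accepts it only if it stays under the base directory; `filter_from_post()`, `resolve_inside()` and the temporary directory layout are hypothetical names constructed for the demonstration.

```php
<?php
// Added example: helper names and paths are hypothetical, not taken from
// php_dirs_explorer.class.

// The filter from the post, unchanged, kept for comparison.
function filter_from_post(string $source): string {
    return str_replace("../..", "", $source);
}

// Canonicalise first, then require the result to be the base directory
// itself or something below it. Returns null when the request is refused.
function resolve_inside(string $base, string $source): ?string {
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($source, "\0") !== false) {
        return null;
    }
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $source);
    if ($target === false || !is_dir($target)) {
        return null; // path does not exist or is not a directory
    }
    // The trailing separator stops "/srv/files-private" from matching
    // a base of "/srv/files".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox: <tmp>/explorer_demo_<random>/public/docs
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "explorer_demo_" . bin2hex(random_bytes(4));
mkdir($root . "/public/docs", 0700, true);
$base = $root . "/public";

// Two legitimate requests, the input from the post, and that same input
// after it has passed through the post's filter.
foreach (["docs", "", "../../../", filter_from_post("../../../")] as $source) {
    $result = resolve_inside($base, $source);
    printf("%-14s => %s\n", var_export($source, true), $result ?? "rejected");
}

// Remove the sandbox again.
rmdir($root . "/public/docs");
rmdir($root . "/public");
rmdir($root);
```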

  2. Re: Security BUG php directory explorer
joseph - 2011-06-16 14:23:44 - In reply to message 1 from Rodrigo
Where can I find the icons?