You read the whole damn file into memory instead of 1K at a time in a loop. If you DID loop, PHP read the whole damn file into memory anyway because while PHP 5 sucks far less than PHP 4, it still sucks awfully bad. Turn off output buffering.
Because the script is called file.php, I bet the code is the same as every other script with that name. Actually there are two versions of it - one that takes a filename as its argument, and one that takes a file ID, which is then looked up in a database. If you're passing a filename, a bad guy can pass ../.../cgi-bin/.htpasswd or whatever and get any file they want. Fix that, then fix better because your first try will still leave you vulnerable.
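An added PHP example, not the original file.php (which the page does not show), covering both points in the comment above: a typical first-try filename filter beside a canonicalise-then-contain check, and a download loop that sends 1K at a time with output buffering turned off. `BASE_DIR`, the `name` query parameter and all function names are assumptions made for the illustration.

```php
<?php
// Added example; BASE_DIR, the "name" parameter and function names are hypothetical.
const BASE_DIR = '/var/www/downloads';

// First try: strip "../" once. Still vulnerable, because a single pass over
// nested input such as "....//" leaves a fresh "../" behind.
function naive_resolve(string $name): string
{
    return BASE_DIR . '/' . str_replace('../', '', $name);
}

// Better: canonicalise first, then require the result to sit under the base.
function safe_resolve(mixed $name, string $base = BASE_DIR): ?string
{
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return null;                      // arrays, empty values, NUL bytes
    }
    $root = realpath($base);
    $path = realpath($base . '/' . $name); // resolves ".." and symlinks
    if ($root === false || $path === false) {
        return null;                      // base or target does not exist
    }
    // Compare with a trailing separator so "/var/www/downloads-old" cannot match.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function send_file(string $path): bool
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    while (ob_get_level() > 0) {
        ob_end_clean();                   // otherwise PHP buffers the whole file
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    while (!feof($fh)) {
        echo fread($fh, 1024);            // 1K at a time
        flush();
    }
    return fclose($fh);
}

$path = safe_resolve($_GET['name'] ?? null);
if ($path === null || !send_file($path)) {
    http_response_code(404);
}
```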