I don't think so. Test this, but I think you can just type /etc/passwd into
the file name box (instead of using the browse button) and have that value
submitted in the form. May be dependent upon the browser on how it's
handled, though.
This does not work with multipart/form-data you need
Raditha Dissanayake wrote:
This does not work with multipart/form-data you need www-urlencoded (or
just don't set an enctype attribute in your form)
What would happen in this case? The given filename would be passed to
the script?!
Alexander
--
PINO - The free Chatsystem!
Available at
Hi,
Multipart/form-data sends the entire file, if you don't use that enctype
yes, just the file name is sent.
best regards
Alexander Mueller wrote:
Raditha Dissanayake wrote:
This does not work with multipart/form-data you need www-urlencoded (or
just don't set an enctype attribute in your
I tried:
form action=phpinfo.php?_FILES[fake][tmp_name]=/etc/passwd
method=post enctype=multipart/form-data
Fake: input type=text name=_FILES[fake][tmp_name]
value=/etc/passwdbr
input type=file name=suborbr
input type=submit
/form
$_FILES superglobal still wasn't poisoned.
Alexander Mueller
Raditha Dissanayake wrote:
Hi,
Multipart/form-data sends the entire file, if you don't use that enctype
yes, just the file name is sent.
best regards
I see, but then $_FILES is probably not set. So it wouldnt be necessary
to use is_uploaded_file() if one solely uses $_FILES (but should
hi,
I think marek's recent message has answered this already, but i also
believe that even in the older system where
you have form fields like input type=file name=userfile result in
global variables like userfile_name etc the global variables don't get
populated unless you send the correct
Hi,
I am wondering about the following paragraph at
http://at2.php.net/manual/en/function.is-uploaded-file.php.
Returns TRUE if the file named by filename was uploaded via HTTP POST.
This is useful to help ensure that a malicious user hasn't tried to
trick the script into working on files
By requesting upload_script.php?userfile=/etc/passwd and
upload_sript.php uses global variables to handle uploads. This check
should not be necessery if you are using $_FILES superglobal as php will
not accept _FILES user input. But keep the check there in case a bug
will be introduced.
From: Alexander Mueller [EMAIL PROTECTED]
AFAIK the browser only sends the content of the chosen file and cannot
specify in any way a local filename which should be worked on.
Furthermore PHP creates a temporary file containing the uploaded file
content and passes this filename as 'tmp_name'
Marek Kilimajer wrote:
By requesting upload_script.php?userfile=/etc/passwd and
upload_sript.php uses global variables to handle uploads. This check
should not be necessery if you are using $_FILES superglobal as php will
not accept _FILES user input. But keep the check there in case a bug
Cpt John W. Holmes wrote:
The user can pass the name of a file on the server. If you're not doing any
checks and moving or displaying the file the user sent you, you may end
up moving, deleting, or displaying any file on your server.
---John Holmes...
Thanks John, but only in the case
From: Alexander Mueller [EMAIL PROTECTED]
Cpt John W. Holmes wrote:
The user can pass the name of a file on the server. If you're not doing
any
checks and moving or displaying the file the user sent you, you may
end
up moving, deleting, or displaying any file on your server.
---John
CPT John W. Holmes wrote:
I don't think so. Test this, but I think you can just type /etc/passwd into
the file name box (instead of using the browse button) and have that value
submitted in the form. May be dependent upon the browser on how it's
handled, though.
You would send your own /etc/passwd
13 matches
Mail list logo
