Re: [Full-Disclosure] file_exists() bypassing , critical problem ?
From: first-name last-name (nothing_nullhotmail.com)
Date: Mon Feb 02 2004 - 07:56:42 CST
file_exists() has a bug, yes. It should indicate whether a file exists or
not, and you demonstrated that it doesn't in a special case. But not all bugs
are vulnerabilities.
The mistake is in the code you supplied. I'm not the first to say so. You
said that the code is only an example, but an example of what? For me,
it's an example of bad code that should not be used to protect some
website area. And that's precisely what you are doing with:
That's OK, you can't rely on file_exists() to do what you want to do... but
that's a very ugly way to do it though. If someone can enter your site
against your will, this will be your fault because of this ugly code (which
would be ugly even if file_exists() worked well).
In your first e-mail, you asked if we think that's a real vulnerability.
What I think is:
. file_exists() has a bug
. your code has a vulnerability
When you program security-related functions, you should not rely on
functions you suppose to be bug-free, but test every case (like you did) and
finally choose the right way. To conclude:
. use another way to protect your website
. report the *bug* to PHP (already done if I understood correctly)
... and don't think that any existing website uses this method for