security - Where can Null Byte Injection affect my PHP web app in a realistic setting? -

-

i've read php section on http://projects.webappsec.org/null-byte-injection.

the example provides pretty dumb - mean, why ever want include file based on outside param without checking first (for directory traversal attacks, one)?

so, if following standard php security practices, such as

  • encoding user entered data on display
  • validating user entered stuff works files
  • preventing crsf
  • not running uploads via executes php
  • etc

can provide real life example or common mistake of php developers problem can occur?

thanks

upate

i'm trying make break, , have tried.

// $filename public $filename = "some_file\0_that_is_bad.jpg";  $ext = pathinfo($filename, pathinfo_extension);  var_dump($filename, $ext);

which outputs

string(26) "some_file�_that_is_bad.jpg" string(3) "jpg"

i believe part of fun null byte injection simple validation may not enough catch them

e.g. string "password.txt\0blah.jpg" ends ".jpg" far scripting language concerned .. when passed c based function ( such many system functions) gets truncated "password.txt"

this means simple check may not safe. (this pseudocode, not php)

 if ( filename.endswith(".jpg") ) { some_c_function(filename); }

instead may have do

 filename = break_at_null(filename);  if ( filename.endswith(".jpg") ) { some_c_function(filename); }

now doesn't matter c function .. examples in cited article may have need file reading functions, database accesses, system calls, etc.


Comments

Post a Comment

Popular posts from this blog

ASP.NET/SQL find the element ID and update database -

-
basically i've got update query runs when click submit button. i have asp:repeater in page layer inside this <asp:repeater id="dgbookings" runat="server" onitemdatabound="itemdb"> <itemtemplate> <div class="bookingscontent"> <div class="bookingdetails" id="<%# databinder.eval(container.dataitem, "booking_ref") %>"> <p class="infotext"><%# databinder.eval(container.dataitem, "adults") %> <asp:linkbutton onclick="editdetails" text="edit..." runat="server"></asp:linkbutton></p> <p class="infotext"><asp:linkbutton onclick="submitdetails" text="submit..." runat="server"></asp:linkbutton></p> </div> </div> </itemtemplate> <asp:repeater> and outputs ...
Read more

c++ - Compiling static TagLib 1.6.3 libraries for Windows -

-
i having super hard time compiling , using taglib 1.6.3 in qt project. i've tried can think of. taglib claims supported through cmake i'm not having luck. furthermore, i'm confused kinds of files need qt libs! i've built *.a files, *.lib, , *.dll. understand far... believe since i'm working in windows *.lib want. no matter do, end "undefined references" taglib functions try use when try compile qt project. have tried mingw32, msys, visual studio 2008, , cross-compiling windows on linux. turning nothing. what makes less sense me if compile same taglib source qt on mac (g++ think?) works fine! somewhere in windows compilation procedures have going wrong. have been smacking face on desk 30 (on , off) hours trying figure out. since qt uses mingw must compile taglib same compiler? if compile *.lib's visual studio not compatible? are *.a libraries usable in windows? (assuming mingw) i'm still trying handle on c++ stuff, after reading coun...
Read more

PostgreSQL 9.x - pg_read_binary_file & inserting files into bytea -

-
i have been looking everywhere (google, stackoverflow, etc.) documentation on how use postgresql pg_read_binary_file() function. the meaningful thing can find this page in official documentation. every time try use function error. for example: select pg_read_binary_file('/some/path/and/file.gif'); error: absolute path not allowed or select pg_read_binary_file('file.gif'); error: not stat file "file.gif": no such file or directory do need have file in specific directory postgres have access it? if directory? if matters, reason looking @ function because trying insert file database without doing crazy things . as stated @a_horse_with_no_name , @guedes solution ensure file being uploaded on server in pgdata directory. the postgres documentation state file location requirement. additionally, made symlink directory pgdata directory not disturb of postgres data structure. seems working , don't have of above...
Read more