Attack Details
URL encoded GET input file was set to showimage.php
Pattern found:
<?php
// header("Content-Length: 1" /*. filesize($name)*/);
if( isset($_GET["file"]) && !isset($_GET["size"]) ){
    // open the file in a binary mode
    header("Content-Type: image/jpeg");
    $name = $_GET["file"];
    // restrict urls
    if (filter_var($name, FILTER_VALIDATE_URL)) {
        exit();
    }
    $fp = fopen($name, 'rb');
    // send the right headers
    header("Content-Type: image/jpeg");
    // dump the picture and stop the script
...
HTTP Request
GET /showimage.php?file=showimage.php&size=160 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: testphp.vulnweb.com
Connection: Keep-alive
Vulnerability Description
This script is possibly vulnerable to file inclusion attacks. It seems that this script includes a file whose name is determined using user-supplied data. This data is not properly validated before being passed to the include function.
Impact
It is possible for a remote attacker to include a file from local or remote resources and/or execute arbitrary script code with the privileges of the web-server.
Remediation
Edit the source code to ensure that input is properly validated. Where possible, it is recommended to make a list of accepted filenames and restrict the input to that list.
For PHP, the option allow_url_fopen would normally allow a programmer to open, include or otherwise use a remote file using a URL rather than a local file path. It is recommended to disable this option from php.ini.
Affects
http://testphp.vulnweb.com/showimage.php